BC School District 34 (Abbotsford) has approved Zoom and wants my son to install it, despite me saying I didn’t want it installed here. If enough of us stand against it, they’ll use something else. Zoom should be disallowed at the provincial level so districts can’t make the decision to use it.
Here’s a partial list of why you don’t want to run Zoom. The problem isn’t so much these vulnerabilities as that they keep coming, and Zoom seems to have a sense of complete apathy towards them. Many of these are bad ideas to the point where it’s hard to imagine a reasonable programmer would do something that way, which leads me to believe there are probably bad fundamental decisions throughout.
- Zoom runs a local web server that allows computers with Zoom installed to have their cameras remotely hijacked and re-install software without permission.
- Having initially refused, Zoom eventually relents and agrees to fix the flaw (later).
- Presumably, because Apple told them that it was going to block their software from running. (This is the first time Apple has done this with a “legitimate” software package.)
- “Zoom bombing” allows hackers to join video conferences. Mostly used for porn advertising.
- Despite marketing, Zoom chats aren’t end-to-end encrypted.
April 2020 (so far):
- Two new vulnerabilities discovered in Mac client.
- Attackers can use Zoom to steal users’ Windows credentials with no warning.
- Zoom is leaking email addresses and phone numbers to strangers.
- New York has banned Zoom from schools.
- Bruce recommends IT either lock Zoom down as best you can, or — better yet — abandon the platform altogether.