With the Coronavirus presenting the challenge of remote learning, little used teleconferencing tool “Zoom” rose to the task. Schools and Universities all over the United States have turned to the software in order to provide continuing instruction to their students. However, multiple fatal security and privacy flaws have been discovered by hackers, students, and the FBI.
“Zoom-Bombing” has become rampant. Students will share their online meeting details on the internet, with the hopes of hordes of random students joining the session, ultimately destroying it. While not inherently dangerous, it’s an annoying flaw that could be fixed by simply sending students one time use codes, or single session keys.
On the more dangerous side of things, Zoom’s corporate background includes corporate features, such as company address books. Zoom’s login servers scan and GROUP similar email domains into lists. For example, everyone with a “@montclair.edu” address would be able to access an address book with everyone else who has the same domain. Makes sense, right? Well, think of “@gmail.com” and “@comcast.net” and ect, you can see how this is an issue now.
Both of these flaws are stupidly simple to correct. I’m a college age communications student with a rudimentary coding background. Zoom; hire me. This is fixable in 15 minutes, and shouldn’t have been overlooked in the first place.
TVDM101 Blog - Nick Vitagliano 