People vs. Zoom: How COVID-19 Exposed a Security Vulnerability

Humanity doesn’t seem to be able to catch a break. As we are forced into our home because of the COVID-19 crisis and now need to do everything online, our privacy and security are endangered because Zoom didn’t clear their SDK correctly.

Currently, everyone who joined Zoom’s conference service using Facebook had their private data shared with dozens of companies and third parties, including Facebook itself. Allegedly.

Because of this error, there is even a class-action lawsuit against Zoom, who’s stock price grew almost 50% since the start of the epidemic, just to crash back down.

Those who have practiced cyber hygiene and used a VPN are completely safe.

But, there’s no point in crying over spilled milk. Those who are now planning to start need to do a bit of scrubbing. A premium VPN provider like Le VPN would be a cornerstone and the easiest starting position. That way, you will quickly detach your IP address from the one stored by Zoom.

Next, you will need to scrub your Facebook, change your data to false ones, and then hide it. Finally, make an alternate Zoom account with a disposable email address. All intimate data should be moved to an external hard drive and disconnected, at least for the next few months.

How Zoom (Reportedly) Breached the Privacy of Millions?

Each application and program has its software development kit or SDK. This tool is used to build up the app by easing the creation of compilations and frameworks. With an SDK, you are making certain that the program is compatible with the operating system.

In the case of Zoom, they have left many of the developer tools inside the batch file you get when you install the program.

While we often fear that this can fall into the wrong hands, it started in the wrong hands, as this file alone sent data, links, and IP addresses back to Facebook and probably many other companies. It is still unknown if this happened only for those who have logged via their Facebook account, or with everyone.

The entity on the receiving end got everything a hacker could ever hope to get. From your name, address, friends list, who you are calling, and for how long, to the links and data you have been sending over Zoom. Basically, every single homework assignment in the last two weeks.

Working During the COVID-19 Crisis

As we must stay at home if we want to avoid the IRL virus, we encounter a whole range of viruses, Trojans, spyware, and other security vulnerabilities that can be just as devastating for our life as getting sick.

Thankfully, we already know how to deal with it. The only thing needed now is increased mindfulness and concentration to ensure the stability of our cybersecurity.

As with Zoom that failed because of negligence (allegedly) and not any technical issues, we can be our worst enemy. Failing to use a VPN  because of some perceived convenience, or having everything about you on your Facebook account for vanity points is how most people lose their data, money, or even their very identity.

Cyber Hygiene is Key

Wash your hands!

In the real world, as it happens online, this call is not because of other people like clean hands. No, small specs of dirt and germs stick to us, then we touch something important, and voilà! We are infected.

Digital hygiene is key if you don’t want to spread viruses and other malicious software to important devices. Keep your identity hidden as much as possible, don’t leave personal information such as phone numbers and full names online, and never keep your entire life story on your Facebook.

With Zoom vulnerability, we have seen that they can take every single piece of information you placed online. So, the best way to protect ourselves is not to have any of that info posted in the first place.

Always Use a VPN

There are multiple reasons why both companies and malicious groups want to steal your IP address. And, with a breach like in Zoom, they just needed to collect it, without any hacking at all.

But, if you are using a VPN, your IP address is protected, and there is nothing to worry about. The connection will not only shield your IP address but will change the designation of the make and model of your device to that of the server.

While this doesn’t affect your work, it does confuse hackers.

Class Action Lawsuit

If you have been using Zoom in the last two weeks, and you are not a Facebook employee, you are quite possibly a part of the class-action lawsuit against Zoom.

The lawsuit encompasses everyone who is affected by the breach in security, excluding only employees and owners of the entities receiving the data. In the filing, it is stated that Zoom was sending not only the identity of the person but also their IP address, device designation, time zone, as well as UAI, the unique advertising identifier.

You don’t need to do anything if you are someone affected, just follow the story and wait for your check in the mail.

Conclusion

While Zoom’s lapse in judgment and quality control did expose many gaps in the system, that is nothing new. During the COVID-19 crisis, as well as after, we need to be vigilant about our cybersecurity and our private data.

With premium VPN providers, you can conceal your current device data, but only with cyber hygiene, you can be sure that everything is clean and that you are safe.