DEV Community

A semi technical explainer of all known Zoom issues

rhymes on April 05, 2020

(or Zoom choices are what got them in trouble) (opinions are mine and not DEV's) A (mild) defense of Zoom Inc.'s troubles Let me start...
Collapse
 
brpaz profile image
Bruno Paz • Edited

Thanks for the detailed resume of all this Zoom situation.

I have never used it and I wasnยดt really understanding some things like how it was so easy to find these open Zoom meetings.

Guessable ids and file names?? Really?? That is like the Web security 101 :(

I guess Zoom never expected to be so widely used outside of the corporate environment. Still, these are pretty serious security issues.

I was also surprised by all this sudden Zoom adoption. I mean, it had a niche usage before. Why not Hangouts or Skype/Teams for example? Not saying these are better, but I thought they were more known by the general public. And schools etc probably are already using Google or MST services internally.

Collapse
 
rhymes profile image
rhymes • Edited

I was also surprised by all this sudden Zoom adoption. I mean, it had a niche usage before. Why not Hangouts or Skype/Teams for example? Not saying these are better, but I thought they were more known by the general public. And schools etc probably are already using Google or MST services internally.

I'm not familiar with Microsoft Teams, but Skype requires users to register, Zoom doesn't. You could literally hop in in a meeting in a few seconds, now it takes a little bit longer as the installer is a regular one but still you don't need to have an account.

Also, do Skype or Team have URLs for meetings? That's a huge factor in adoption, people can send each other meeting rooms and not have to coordinate by who calls whom, as in video within chat apps like WhatsApp

Collapse
 
ahferroin7 profile image
Austin S. Hemmelgarn

There's also a big mentality of "I use this for work, it's free, let's use it for other things.". Zoom has a huge usage share in business for a number of reasons (aside from what you mentioned, they also let you record meetings, which a number of other options can't do without using screen-recording tools).

Thread Thread
 
rhymes profile image
rhymes

Yes, recording meetings is definitely useful, especially in distributed companies

Collapse
 
artis3n profile image
Ari Kalfus

Zoom has gotten what must be a few million dollars in free penetration testing services at this point. They're going to come out of this as the most secure video platform out there. None of these issues are unique to Zoom - if anyone looked at Hangouts, WebEx, or Teams I'm sure they'll find extremely similar issues.

What I look at in these scenarios is the company response, and zoom has done a great job communicating to the public and putting in fixes. I'm going to continue using them as my primary platform.

Collapse
 
rhymes profile image
rhymes

Zoom has gotten what must be a few million dollars in free penetration testing services at this point. They're going to come out of this as the most secure video platform out there.

Ah ah probably, I actually read someone complaining that Zoom doesn't have a form bug bounty program. Don't know if they actually do or not.

None of these issues are unique to Zoom - if anyone looked at Hangouts, WebEx, or Teams I'm sure they'll find extremely similar issues.

Probably, that's what I hinted at in my conclusions. Throwing around alternatives without actually understanding in what they are an alternative for it's not going to help much. That's why I'm waiting for deeply researched comparisons between services.

As mentioned by the team at webrtcH4cKS doing e2e with video is hard.

What I look at in these scenarios is the company response, and zoom has done a great job communicating to the public and putting in fixes. I'm going to continue using them as my primary platform.

I'm a bit wary of companies that become good communicators after they have been put in the spotlight but yeah, they are working around the clock to fix the issues.

Let's hope you're right and they come to the other side as the most secure video platform, as their video and call quality is rock solid!

Collapse
 
nikoheikkila profile image
Niko Heikkilรค

I was surprised to find Zoom growing its user base due to the current world situation. Google Hangouts has been there for so long, and it has always sat with me better. Perhaps Hangouts being the product of big bad Google drove people to seek for alternatives and they found Zoom?

Anyway, I've been satisfied with my company using Microsoft Teams with its smooth group video, whiteboard, and text chat capabilities.

Collapse
 
rhymes profile image
rhymes

I was surprised to find Zoom growing its user base due to the current world situation. Google Hangouts has been there for so long, and it has always sat with me better. Perhaps Hangouts being the product of big bad Google drove people to seek for alternatives and they found Zoom?

To be fair lots of users use Hangouts. I think a combination of word of mouth, easily shareable URLs and the lack of the requirements of having to have an account helped a lot. Also, its quality and its web client.

Don't know how better it gotten but I remember how two or three years years ago I couldn't use Hangouts from Firefox.

Collapse
 
ben profile image
Ben Halpern

I'm always surprised that going public financially isn't the moment where it's no longer acceptable to put growth so far ahead of security in priority.

Given what I know about pressures to grow and grow and grow and make more and more and more money, I'm not actually that surprised, but it's just kind of ridiculous.

Collapse
 
louy2 profile image
Yufan Lou

IPO is a milestone on growth, but orthogonal to security. It would be rare for an IPO adviser to offer security advice too. Moreover, with all the financial crisis and what not, it is clear the whole financial sector is not so attentive to security and integrity.

Collapse
 
nickytonline profile image
Nick Taylor

I really enjoyed this read @rhymes . ๐Ÿ‘

Collapse
 
rhymes profile image
rhymes

Thanks Nick!

Collapse
 
andrewbrown profile image
Andrew Brown ๐Ÿ‡จ๐Ÿ‡ฆ • Edited

I use Zoom and love CyberSecurity so this was quite an enjoyable read for me.

Collapse
 
rhymes profile image
rhymes • Edited

Thanks Andrew, I appreciate it. It took a while to write ๐Ÿ˜…

Collapse
 
majorosgereby profile image
majorosgereby

very well written article, thanks!

Collapse
 
bhupesh profile image
Bhupesh Varshney ๐Ÿ‘พ

Damn !!
Thanks for the explanation

on a side note we have a FOSS alternative : jitsi