Zoom under pressure as the world relies on it to communicate

Note: This is something I originally wrote for the daily newsletter at the Columbia Journalism Review, where I’m the chief digital writer.

It’s the kind of problem many companies would love to have: Something happens that makes the world suddenly adopt your app or service by the millions, to the point where it becomes mission-critical for many, including journalists. Unfortunately for Zoom, the thing that happened is a global pandemic, and what it has done more than anything is expose some of the flaws and weaknesses in the service, which has become the de facto method of communication for everyone from politicians and teachers to doctors. Some of those flaws or weaknesses are mundane and even humorous, such as UK Prime Minister Boris Johnson inadvertently sharing the meeting ID number for a cabinet meeting he held via Zoom (which could allow someone to connect to the call without permission), or the manager who enabled filters for a conversation with friends, and then couldn’t turn them off and did an entire meeting as a potato.

Somewhat more serious than that (although still on the nuisance end of the spectrum), attendees on some Zoom calls have been interrupted by pornography and other misbehavior, thanks to a phenomenon that some are calling “Zoom-bombing” (from the term “photo-bombing,” which is when someone jumps into a picture without permission). Trolls appear to be dialing in to random Zoom calls and displaying porn videos or blasting other annoying forms of audio and video, since many Zoom calls can be joined with a simple nine-digit number. The company said in a statement that hosts can prevent this by requiring a password, or by making use of various features such as the Waiting Room, which hides a new visitor until the host allows them to enter. “We are deeply upset to hear about the incidents involving this kind of attack,” the company said.

Some flaws in the software, however, could be extremely serious, such as a Windows vulnerability that could allow hackers to steal someone’s credentials. All a user has to do, according to one report from a software security blog, is to click on a link in the Zoom chat window, and if a hacker has configured the link properly, it will connect to the user registry within Windows and provide the user’s login and password (although Windows sends this in encrypted form, a researcher was able to decrypt the user info in less than 30 seconds with a standard PC). This kind of vulnerability could be a significant problem for journalists or aid workers and other agencies who need to keep their conversations anonymous for various reasons. It’s not the first back-door style vulnerability Zoom has seen: Until late last year, the app secretly installed a hidden web server on Mac computers that could potentially be used by hackers to take control of a computer’s video camera (Zoom has removed this feature).
