Dr Ritesh Chugh, discipline lead in information systems and analysis at Central Queensland University, said Zoom users need to be alert to the risks of inflitration and take advantage of the service’s security settings.
“Users need to be aware of the security and privacy settings, the settings are under utilised,” he said. “We tend to focus on the problem without understanding that the solution is there.”
Mr Di Stefano did not respond to requests for comment. According to The Independent, the Zoom meetings he joined involved discussions about job cuts which he reported on for the Financial Times.
Zoom’s video conferencing platform has surged in popularity during the coronavirus pandemic with employees around the world working remotely. But until last week the default setting on the service was for open meetings that did not require a password, enabling unwanted attendees to join meetings or ‘Zoom bomb’.
Zoom’s Australian customers include NAB, Atlassian and REA Group and the company is booming with its valuation soaring to $US45 billion ($75 billion). However the Australian Defence Department has banned usage of the service due to fears about security vulnerabilities.
Susie Jones, founder of cyber fitness startup Cynch Security, said some of her small business clients have been the victims of ‘Zoom bombings’, however these do not appear to have been malicious in nature or designed to infiltrate competitors’ meetings.
“Two clients had general meetings Zoom bombed but they were more casual conversations rather than confidential conversations,” she says. “I had one myself on a Sunday evening, we all logged in and within a few minutes of joining the call an unknown user logged in and was sharing pornographic photos.”
Ms Jones said the issue for many users is they don’t have any choice over which platform they are going to use for a virtual meeting or conversation as they are just sent a link and have to join.
“The main concern for clients has been suspicion or general discomfort around regulators or government listening in to conversations rather than concern about competitors,” she said. “People that host meetings should set up accounts with strong passwords and multi-factor authentication and establish ground rules that there is not public access.”
Last week the video conferencing platform announced ‘Zoom 5.0’ which provided increased protection for meeting data and resistance against tampering, including the default use of a password to join meetings and ‘waiting rooms’ where users have to wait to be admitted to meetings.
“Zoom offers a number of built-in protections to help hosts protect their meetings, and we have recently made a series of updates to help hosts more easily access these features and avoid uninvited guests,” a spokesperson for Zoom said.
Sam Kroonenberg, the founder of technology company A Cloud Guru, said the use of Zoom by his business has spiked in the last month and he has not encountered any security issues.
“We asked our entire employee base of 400 people to work from home pretty much overnight, and Zoom enabled that instantly,” he said. “I’m personally not concerned about the security side of things – Zoom is upgrading its encryption again this month.”
Cara is the small business editor for The Age and The Sydney Morning Herald based in Melbourne