{"video_id":"QQ7mSpVyIJo","title":"Zoom Is Getting BANNED","channel":"Techquickie","show":"Techquickie","published_at":"2020-05-05T14:58:16Z","duration_s":371,"segments":[{"start_s":0.0,"end_s":4.5600000000000005,"text":"As difficult as isolation and social distancing have been for many of us,","speaker":null,"is_sponsor":0},{"start_s":4.5600000000000005,"end_s":10.16,"text":"imagine how much more unpleasant things would be without the tech that keeps us all connected.","speaker":null,"is_sponsor":0},{"start_s":10.16,"end_s":15.36,"text":"And perhaps nothing has exploded in popularity recently as much as Zoom,","speaker":null,"is_sponsor":0},{"start_s":15.36,"end_s":20.88,"text":"the teleconferencing and video chat software that has seen huge levels of adoption worldwide","speaker":null,"is_sponsor":0},{"start_s":20.88,"end_s":27.04,"text":"since the start of the COVID pandemic. But now the app is being banned left and right.","speaker":null,"is_sponsor":0},{"start_s":27.04,"end_s":33.28,"text":"Everyone from companies like Google and SpaceX to agencies like NASA and the Australian military","speaker":null,"is_sponsor":0},{"start_s":33.28,"end_s":38.72,"text":"to the entire government of Taiwan has forbidden their people from using Zoom.","speaker":null,"is_sponsor":0},{"start_s":38.72,"end_s":44.24,"text":"But why? Well, there have been a number of well-publicized security problems with Zoom,","speaker":null,"is_sponsor":0},{"start_s":44.24,"end_s":48.88,"text":"which is a little strange considering that we don't really worry all that much about having","speaker":null,"is_sponsor":0},{"start_s":48.88,"end_s":53.6,"text":"our video calls on other platforms being broken into. I mean, when's the last time you worried","speaker":null,"is_sponsor":0},{"start_s":53.68,"end_s":58.4,"text":"someone was going to hack into your call on a platform like Skype, Google Hangouts,","speaker":null,"is_sponsor":0},{"start_s":58.4,"end_s":65.12,"text":"haha, or Facebook Messenger? 
Well, turns out Zoom has actually had security issues for a while,","speaker":null,"is_sponsor":0},{"start_s":65.12,"end_s":69.92,"text":"but many of them are just now coming to light due to its recent burst in popularity.","speaker":null,"is_sponsor":0},{"start_s":69.92,"end_s":74.56,"text":"Back in summer 2019, there was a widespread security flaw on Mac systems,","speaker":null,"is_sponsor":0},{"start_s":74.56,"end_s":80.24,"text":"where Zoom's installer would effectively turn your computer into a server without telling you,","speaker":null,"is_sponsor":0},{"start_s":80.24,"end_s":84.24,"text":"which made it much easier for a stranger to add themselves to your conference","speaker":null,"is_sponsor":0},{"start_s":84.24,"end_s":87.44,"text":"and look through your webcam with just one errant click.","speaker":null,"is_sponsor":0},{"start_s":87.44,"end_s":92.72,"text":"The feature was put in place to make it easier to jump into meetings without additional clicks","speaker":null,"is_sponsor":0},{"start_s":92.72,"end_s":97.36,"text":"because the web server feature accepted connections that normal browsers wouldn't.","speaker":null,"is_sponsor":0},{"start_s":97.36,"end_s":102.8,"text":"I mean, we all trade security for convenience every day, but that one went a little too far,","speaker":null,"is_sponsor":0},{"start_s":102.8,"end_s":107.52,"text":"don't you think? 
Apple actually ended up issuing a macOS patch to fix the problem,","speaker":null,"is_sponsor":0},{"start_s":107.52,"end_s":111.36,"text":"but since then, a number of other issues have been discovered.","speaker":null,"is_sponsor":0},{"start_s":111.36,"end_s":117.52,"text":"One was a relatively easy way to bypass email confirmation and gain access to any account","speaker":null,"is_sponsor":0},{"start_s":117.52,"end_s":123.68,"text":"where the email address was known simply by using the same ID tag in the signup page's URL","speaker":null,"is_sponsor":0},{"start_s":123.68,"end_s":128.88,"text":"to access the confirmation page without ever having actually had access to the email account.","speaker":null,"is_sponsor":0},{"start_s":128.88,"end_s":133.2,"text":"No fancy hacking skills needed. And because of how Zoom's permissions work,","speaker":null,"is_sponsor":0},{"start_s":133.2,"end_s":137.44,"text":"a simple attack like this could actually allow an outsider to access","speaker":null,"is_sponsor":0},{"start_s":137.44,"end_s":142.88,"text":"all accounts associated with a domain if the compromised account is from a company rather","speaker":null,"is_sponsor":0},{"start_s":142.88,"end_s":149.92,"text":"than an individual. Wow, that's terrible. Is anybody using Zoom? 
Okay, good.","speaker":null,"is_sponsor":0},{"start_s":149.92,"end_s":154.72,"text":"Although that issue has been fixed, Zoom's encryption is still rather weak.","speaker":null,"is_sponsor":0},{"start_s":154.72,"end_s":159.6,"text":"In early April of 2020, researchers discovered that the encryption Zoom used at the time","speaker":null,"is_sponsor":0},{"start_s":159.6,"end_s":166.32,"text":"was actually AES-128, not the advertised AES-256, which is much more secure.","speaker":null,"is_sponsor":0},{"start_s":166.32,"end_s":170.24,"text":"Perhaps a larger issue for most people, though, is how easy it is to find","speaker":null,"is_sponsor":0},{"start_s":170.24,"end_s":172.72,"text":"Zoom meetings without even breaking any encryption.","speaker":null,"is_sponsor":0},{"start_s":173.28,"end_s":178.56,"text":"Attackers have had success rapidly trying random IDs until they found some that were active,","speaker":null,"is_sponsor":0},{"start_s":178.56,"end_s":183.76,"text":"making it simple for them to break into meetings and sometimes transmit disruptive or offensive","speaker":null,"is_sponsor":0},{"start_s":183.84,"end_s":190.64,"text":"audio and video, a practice dubbed Zoom bombing. 
So it's like chat roulette, but at the office.","speaker":null,"is_sponsor":0},{"start_s":190.64,"end_s":195.52,"text":"And to top it all off, Zoom has been routing lots of traffic through servers in China.","speaker":null,"is_sponsor":0},{"start_s":195.52,"end_s":199.76,"text":"And unlike other countries which have strong privacy protections for user data,","speaker":null,"is_sponsor":0},{"start_s":199.76,"end_s":203.6,"text":"China's government doesn't need a warrant to see what's happening on servers located","speaker":null,"is_sponsor":0},{"start_s":203.6,"end_s":207.84,"text":"inside the country at any given time, raising fears from the privacy conscious.","speaker":null,"is_sponsor":0},{"start_s":208.8,"end_s":213.28,"text":"And if that's not enough, Zoom is also facing issues that aren't strictly its fault.","speaker":null,"is_sponsor":0},{"start_s":213.28,"end_s":218.0,"text":"Zoom's installer has been a favorite target of hackers who are modifying it with malware","speaker":null,"is_sponsor":0},{"start_s":218.0,"end_s":223.2,"text":"and then releasing it back out into the wild. And because so many people are quickly downloading","speaker":null,"is_sponsor":0},{"start_s":223.2,"end_s":227.68,"text":"and signing up for Zoom using existing email and password combos involved in previous data","speaker":null,"is_sponsor":0},{"start_s":227.68,"end_s":232.64,"text":"breaches, it hasn't been tough for attackers to steal accounts. Over half a million credentials","speaker":null,"is_sponsor":0},{"start_s":232.64,"end_s":236.72,"text":"are up for sale on the dark web at the time we wrote this episode.","speaker":null,"is_sponsor":0},{"start_s":236.72,"end_s":241.52,"text":"So what can you do if you're using Zoom and you can't convince your friends or organization","speaker":null,"is_sponsor":0},{"start_s":241.52,"end_s":244.88,"text":"to move to a different platform? 
Well, the easiest form of risk mitigation","speaker":null,"is_sponsor":0},{"start_s":244.88,"end_s":248.72,"text":"is to simply slap a password on your Zoom meetings, which will effectively stop","speaker":null,"is_sponsor":0},{"start_s":248.72,"end_s":253.52,"text":"Zoom bombing attacks. And there's also an option to lock meetings after everyone has joined","speaker":null,"is_sponsor":0},{"start_s":253.52,"end_s":258.72,"text":"so no unauthorized participants can butt in. If you don't have Zoom yet and you need to install it,","speaker":null,"is_sponsor":0},{"start_s":258.72,"end_s":263.04,"text":"one pro tip is to make sure that you're only installing it from Zoom's official website,","speaker":null,"is_sponsor":0},{"start_s":263.04,"end_s":266.72,"text":"not from some other source that could be giving you a compromised installer.","speaker":null,"is_sponsor":0},{"start_s":267.44,"end_s":271.84,"text":"Of course, with so much public scrutiny, Zoom is attempting to fix some of these issues,","speaker":null,"is_sponsor":0},{"start_s":271.84,"end_s":275.6,"text":"and they won't be rolling out any new features for the next couple of months so that their","speaker":null,"is_sponsor":0},{"start_s":275.6,"end_s":281.68,"text":"developers can focus on security and privacy patches. It just means that given their mentality","speaker":null,"is_sponsor":0},{"start_s":281.68,"end_s":286.8,"text":"around this stuff and that it took this kind of outburst from the public in order to focus on","speaker":null,"is_sponsor":0},{"start_s":286.8,"end_s":293.44,"text":"those things, it just raises the question, should you be trusting them with your messages?","speaker":null,"is_sponsor":0},{"start_s":293.44,"end_s":296.0,"text":"Or should you instead communicate with your colleagues via","speaker":null,"is_sponsor":0},{"start_s":296.56,"end_s":302.32,"text":"pigeons? Like we do. Thanks for watching. 
Like, dislike, check out our other videos,","speaker":null,"is_sponsor":0},{"start_s":302.32,"end_s":307.2,"text":"and leave a comment with video suggestions so that you can see your idea on Techquickie.","speaker":null,"is_sponsor":1},{"start_s":307.2,"end_s":312.24,"text":"We're not going to pay you for it, but we are going to use it.","speaker":null,"is_sponsor":1}],"full_text":"As difficult as isolation and social distancing have been for many of us, imagine how much more unpleasant things would be without the tech that keeps us all connected. And perhaps nothing has exploded in popularity recently as much as Zoom, the teleconferencing and video chat software that has seen huge levels of adoption worldwide since the start of the COVID pandemic. But now the app is being banned left and right. Everyone from companies like Google and SpaceX to agencies like NASA and the Australian military to the entire government of Taiwan has forbidden their people from using Zoom. But why? Well, there have been a number of well-publicized security problems with Zoom, which is a little strange considering that we don't really worry all that much about having our video calls on other platforms being broken into. I mean, when's the last time you worried someone was going to hack into your call on a platform like Skype, Google Hangouts, haha, or Facebook Messenger? Well, turns out Zoom has actually had security issues for a while, but many of them are just now coming to light due to its recent burst in popularity. Back in summer 2019, there was a widespread security flaw on Mac systems, where Zoom's installer would effectively turn your computer into a server without telling you, which made it much easier for a stranger to add themselves to your conference and look through your webcam with just one errant click. 
The feature was put in place to make it easier to jump into meetings without additional clicks because the web server feature accepted connections that normal browsers wouldn't. I mean, we all trade security for convenience every day, but that one went a little too far, don't you think? Apple actually ended up issuing a macOS patch to fix the problem, but since then, a number of other issues have been discovered. One was a relatively easy way to bypass email confirmation and gain access to any account where the email address was known simply by using the same ID tag in the signup page's URL to access the confirmation page without ever having actually had access to the email account. No fancy hacking skills needed. And because of how Zoom's permissions work, a simple attack like this could actually allow an outsider to access all accounts associated with a domain if the compromised account is from a company rather than an individual. Wow, that's terrible. Is anybody using Zoom? Okay, good. Although that issue has been fixed, Zoom's encryption is still rather weak. In early April of 2020, researchers discovered that the encryption Zoom used at the time was actually AES-128, not the advertised AES-256, which is much more secure. Perhaps a larger issue for most people, though, is how easy it is to find Zoom meetings without even breaking any encryption. Attackers have had success rapidly trying random IDs until they found some that were active, making it simple for them to break into meetings and sometimes transmit disruptive or offensive audio and video, a practice dubbed Zoom bombing. So it's like chat roulette, but at the office. And to top it all off, Zoom has been routing lots of traffic through servers in China. And unlike other countries which have strong privacy protections for user data, China's government doesn't need a warrant to see what's happening on servers located inside the country at any given time, raising fears from the privacy conscious. 
And if that's not enough, Zoom is also facing issues that aren't strictly its fault. Zoom's installer has been a favorite target of hackers who are modifying it with malware and then releasing it back out into the wild. And because so many people are quickly downloading and signing up for Zoom using existing email and password combos involved in previous data breaches, it hasn't been tough for attackers to steal accounts. Over half a million credentials are up for sale on the dark web at the time we wrote this episode. So what can you do if you're using Zoom and you can't convince your friends or organization to move to a different platform? Well, the easiest form of risk mitigation is to simply slap a password on your Zoom meetings, which will effectively stop Zoom bombing attacks. And there's also an option to lock meetings after everyone has joined so no unauthorized participants can butt in. If you don't have Zoom yet and you need to install it, one pro tip is to make sure that you're only installing it from Zoom's official website, not from some other source that could be giving you a compromised installer. Of course, with so much public scrutiny, Zoom is attempting to fix some of these issues, and they won't be rolling out any new features for the next couple of months so that their developers can focus on security and privacy patches. It just means that given their mentality around this stuff and that it took this kind of outburst from the public in order to focus on those things, it just raises the question, should you be trusting them with your messages? Or should you instead communicate with your colleagues via pigeons? Like we do. Thanks for watching. Like, dislike, check out our other videos, and leave a comment with video suggestions so that you can see your idea on Techquickie. We're not going to pay you for it, but we are going to use it."}