Zoom’s reputation has suffered quite a bit in the last few weeks, but a new security report by Mozilla may potentially change all that.
Zoom may be the most popular video-conferencing platform in this era of social distancing, but it’s far from perfect. In fact, the platform’s reputation had been suffering quite a bit after being hit by several security and privacy issues. The enormity of the issues had even forced CEO Eric Yuan to issue a public apology.
However, a new report published by Mozilla claims that Zoom has met the same security standards as other video-conferencing platforms like Hangouts and Skype. Furthermore, the report suggests that Zoom provides better security than the FaceTime app by Apple.
5/5 Zoom Security Rating
Being one of the biggest browser makers out there, Mozilla is no stranger to apps and security. The Mozilla Foundation recently tested 15 video-conferencing apps to determine if they could pass their minimum security standards.
Apps must possess five basic security features. Mozilla requires apps to use encryption and provide regular security updates. Mozilla also isn’t satisfied with simple passwords as it wants apps to require strong passwords for signing in. Lastly, apps should have a program in place to address security issues and vulnerabilities.
Interestingly, Zoom scored a perfect 5/5 rating on Mozilla’s test and passed the foundation’s minimum security standards. The report also acknowledged the issues that Zoom is currently facing but remarks that Mozilla itself uses the Zoom app.
“Full disclosure, here at Mozilla we use Zoom and have worked closely with the company to get its privacy and security features right for us,” the report says.
Other apps that scored 5/5 are Google’s Duo/Hangouts/Meet, Microsoft’s Skype and Teams, and Facebook’s Messenger. Apple’s FaceTime and Facebook’s What’s App both scored 4.5/5 on the basis that both apps don’t require strong passwords.
Zoom’s security problems
Out of all the video-conferencing apps out there, Zoom probably has the best offerings which explain the 300 million people that use their service. Unfortunately, it is also ridden with a number of security and privacy issues.
Zoombombing has become a disruptive trend within the platform. More and more people, particularly Internet trolls, are able to guess or discover meeting IDs online, which allows them to enter uninvited and leave disruptive media or comments. Other issues that users have to deal with include dubious encryption and questionable routing.
The app previously claimed to use end-to-end encryption but later admitted that they use some form of encryption, just not E2E. Instead, the platform uses transport encryption, which is not as effective as E2E encryption.
Furthermore, there had been reports that claim the platform is sharing user information with Facebook. The company itself apologized earlier this April for accidentally routing traffic to China.
Validity of Mozilla’s report
While there is no cause to doubt Mozilla’s report, it is highly unlikely that the organization had conducted a technical examination. This is corroborated by the footer of the study notes, which reveal that the information provided was taken directly from the product websites.
Unfortunately, as proven by Zoom, one cannot really trust what products claim to have. Then again, since Mozilla itself uses the app, they could be basing the report on their own experience.
Out of the platforms tested by Mozilla, only three failed to meet the minimum security standards. These platforms are Epic Games’ Houseparty, Discord, and Doxy.me, all of which scored a 4/5 rating. Apparently, these platforms have lower password standards that make them more likely to be targeted.
However, it is also important to note that Zoom had made big strides in their promise to enhance their services and has kept the public informed of their recent actions.
Images courtesy of Harry Cunningham/Unsplash and Zoom