What You Need to Know about Zoom’s Web Conference Security

Zoom Security Issue Video Conference

As we limit our physical interaction with others, we’ve been using video calling and conferencing platforms to communicate. From meetings to lessons and even just chit-chat sessions, Zoom has become a verb to us. However, Zoom has been brought up in the media for several security flaws and issues.

Working from home

COVID-19 has affected us tremendously the past few months. It is for everyone’s safety that we stay home and physically isolate ourselves from others. As a result, citizens have to work and study from home with online materials. More specifically, many of us have used online video calling and streaming platforms to keep in contact with our team leaders, supervisors, students, teachers and the list can go on. 

Use of video conferencing platforms 

As we work from home, we turn to our electronic devices to continue our work and school responsibilities. Meetings, conferences and even classes have mostly been replaced with live streams and web conferences worldwide. Zoom Video Communications was easily made the software of choice as it was free to use. Zoom’s active users have increased by 21% since the end of 2019. 

Communicating through an online platform may sound risky as a majority of people have access to the internet.Obviously, private conversations and classes should be kept private and uninterrupted. On that account, those who are using web conferencing and online communication platforms would want to face 0 cybersecurity issues. 

Zoom’s security issues

There have been several reports of security issues with Zoom over the past 3 weeks. As a result, companies have even suspended their staff from using the application.

SpaceX (Elon Musk’s rocket company) and Google banned all employees from using the Zoom application as they found security vulnerabilities.

Due to security concerns, government agencies in Taiwan, Germany and the United States were also told not to use Zoom and to use other softwares like those from Google and Microsoft.

Within the first few weeks of home-based learning in Singapore, there have been incidents that have occured. One involved obscene images being shared during a geography class call. As a precautionary measure, the Ministry of Education (MOE) even suspended the use of Zoom for 5 days. That was until Zoom introduced more defense mechanisms against hackers.

Zoom has been addressing and acting upon these security issues to provide a more secure and private webinar platform for their users. Founder and CEO of Zoom Eric Yuan has made several public apologies, acknowledging their security faults and promising improved security features. The company is also working on improved updates for the application. These improvements include waiting room improvements, encryption-standard improvements and a renewed focus on protecting health-related data).

Former Facebook and Yahoo Chief Security Officer Alex Stamos also joined Zoom as a security advisor.

Zoom’s security issues

Lack of security for user data

26 March – According to an investigation by Motherboard, Zoom’s iOS application was sending users’ data to Facebook. The Zoom application would notify Facebook of the user’s phone model, time zone, city and when they opened the app. Furthermore, there were advertising IDs created on the user’s device which was used by companies to target advertisements.Now that’s freaky. 

27 March – Zoom responded quickly and had the data sharing “feature” removed from the iOS application the next day. 

1 April – Another security flaw was found by Motherboard and Zoom was found to be leaking users’ email addresses and photos.This gives strangers the ability to call others through Zoom.

2 April – The New York Times reported on how Zoom had a feature that allowed participants of a call access the LinkedIn profile data of other participants – without asking for permission. In Colorado, at least six students and their teacher had their full names and addresses gathered by Zoom and could be used by its LinkedIn profile matching tool. 

2 April – An automated tool could find Zoom meeting IDs and gather information from several Zoom meetings. The tool was also able to generate meeting IDs (the codes to enter a private meeting) up to 14% of the time.

3 April – The Washington Post reported that thousands of Zoom videos (including personal ones) were available for viewing on the open web. These video calls included personal information and deeply intimate conversations. Many of the videos were recorded from Zoom’s software and uploaded onto an online storage space. Hosts of Zoom calls are able to choose to record them. These recordings are then saved onto Zoom servers or their own. 

6 April – Zoom accounts, along with their names, email addresses, passwords, meeting IDs and host keys, were found on the dark web.

8 April – Zoom released a software update which removed meeting IDs from the title bar while a meeting was ongoing. This slows down attackers who share screenshots of meeting IDs online.

13 April – Cyble, a cybersecurity firm, discovered over half a million Zoom accounts were being sold, some even being given away for free, on the dark web and hacker forum.

End-to-End encryption & Servers

30 March – The Intercept conducted an investigation which found that Zoom’s video calls weren’t end-to-end encrypted like they had marketed. This means that the audio and visuals of your calls can be accessed by Zoom. While this is concerning, you should know that it is difficult to have video calls be end-to-end encrypted because Zoom needs the audio to identify who is speaking during the call. Either way, they shouldn’t have promised end-to-end encryption when they couldn’t enable it.

3 April – A Citizen Lab Report found that Zoom was using a less secure encryption than they claimed. 

5 April – Zoom “accidentally” allowed calls to be made through Chinese servers. As a result, certain meetings were “allowed to connect to systems in China, where they should not have been able to connect”. The issue has since been fixed and Zoom explained that this incident occurred under “extremely limited circumstances”.

 Zoom bugs

30 March – Three Zoom bugs were discovered that made people vulnerable to hackers. Users could have their password stolen or even have their microphone or webcam hacked and taken over.

8 April – Hackers were looking for bugs and vulnerabilities in Zoom’s software to sell.

Zoombombing / Lesson interruptions

30 march – Zoombombing is the disruption of a Zoom call by someone who wasn’t supposed to be part of the call. These disruptors oftentimes screen share to display disturbing or sensitive images. One classroom Zoombombing incident occurred where hackers displayed a swastika on students’ screens.

2 April – 8chan forum users had planned to interrupt the calls of a school in Philadelphia.

3 April – Anonymous attackers were using social media to plan “Zoomraids” (coordinated Zoombombings). These raids disrupted (private) meetings and harassed attendees verbally as well as by displaying racist and pornographic imagery.

8 April – The Zoombombings went to another level with Artificial Intelligence (AI). Imagine the surprise when a Samsung Engineer Zoombombed his colleagues with Elon Musk.

8 April – Default settings for educators enrolled in Zoom’s K-12 program enable virtual waiting rooms and allow only the teachers to share content during class. From 5 April, all Free Basic and Single Pro users can enable passwords and virtual waiting rooms. Educators are also informed on how they can protect their video calls.

How to uninstall the Zoom application

Zoom application on a Macbook.

If you’re using a Mac device

  • Locate the app in your Finder (Usually found in the Applications folder)
  • Left-click the Zoom icon to select it and Move to Trash OR drag the Zoom icon to your trash bin in your dock
  • Empty your trash bin

If you’re using a Windows device

  • Go into Windows Setting (Click on the Start icon → Gear icon)
  • Click on Apps and search Zoom
  • Click on the app name and click Uninstall to delete the application
  • Follow the uninstall prompts

How to protect your streams on Zoom

Interested in conducting a webinar on zoom, you can adjust your video conference settings in the personal account menu.

  • Do not allow people to join before the host
  • Only allow authenticated users to join 
    • Viewers must have a Zoom account, this allows the host to keep track of the people in the conference)
  • Password protected conferences
    • Only those who have the password can access the video call
  • Do not enable screen-sharing throughout the stream
    • It is best to turn off screen-sharing
    • If necessary, only enable screen sharing (Host only) when it is needed and turn it off afterwards
  • Do not enable far end camera control
  • Enable the waiting room
    • You can choose the participants to be admitted into the conference
    • Participants in the waiting room can see and hear the conference but cannot interact with the host (like a one-way mirror)

Zoom alternatives


  • Only applicable for Apple users
  • Limit of 32 participants

Google Hangouts Meet

  • Limit of people in call depends on G Suite subscription plan type
    • Basic Plan: 100 participants
    • Business: 150 participants
    • Enterprise: 250 participants
  • Able to Screen share and present
  • Able to record meetings
  • Educators can even use Google Meet inside Google Classroom
  • You can read more about Google Meets Live Stream here!


  • Free
  • Limit of 50 participants
  • Able to Screen share
  • Able to send files
  • Skype translator available

Microsoft teams

  • Limit of 250 participants in meeting
  • Able to Screen share
  • Able to record meetings
  • Limit of 10,000 viewers for live events


  • Free
  • Limit of 10 participants
  • Able to Screen share


  • Free
  • Limit of 10 participants in the broadcast call
  • Able to Screen share

While we use these softwares to communicate with others, we should always be vigilant and do our part in being responsible in the cyber world too. We hope that this article has been helpful to you! Let us know what web conference software you’re using in the comments below!

Planning to host a live stream or webinar? Vivid Snaps is a live streaming service provider in Singapore.



Writer: @furdoors

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.