Need Help?

Skip to Content

CCA Portal

Zoom Security

Last updated on Aug 23, 2021

As people worldwide adjust to working, learning, teaching, and socializing remotely, videoconferencing tools, and Zoom in particular, have become more and more ubiquitous.


Zoom Security Issues and Updates

Alongside the uptick in Zoom’s use, there are growing concerns about the software, which range from protection against “Zoombombing” to concerns about the security of the application and lack of transparency in their privacy policy.

CCA’s Technology Services and Academic Technology departments are actively monitoring these issues and evaluating how they may impact the CCA community.

At this time, Zoom remains CCA’s recommended videoconferencing platform for staff, students, and faculty.

Zoom has already taken steps to resolve some of the most concerning security and privacy issues, and new configurations are available to protect against unauthorized meeting participants.

All software companies regularly push updates or fixes when security flaws are discovered. Zoom’s recent widespread use has in some ways led to increased scrutiny, and while concerns about the software remain, they have generally addressed such issues rapidly.


Securing Your Zoom Meetings: Resources to Get You Started

Zoom has prepared a number of resources to help users maintain and protect their meetings. Here are a few highlights:


Outlined below are some of the recent Zoom user concerns. Updates and additional tips have been provided where relevant.

Data Privacy Issues

Privacy Policy Ambiguity

Zoom’s privacy policy has come under fire for its ambiguity regarding just how and where it collects, shares, and/or sells your personal data.

Updates:

  • Zoom recently updated their privacy policy to provide more clarity, which you may read in full here.

Personal Data Collection and Third-Party Tracking Tools

Zoom’s marketing websites (for example, zoom.com) collect user data from cookies and other analytics and tracking tools, which it may sell or otherwise make available to third-parties for advertising purposes.

Updates:

  • Zoom does not sell data collected from your meetings to third-parties.
  • This is—for better or worse—standard industry practice. Zoom does meet minimum legal requirements in this regard, as you can adjust your browser’s cookie settings and otherwise opt out of any targeted advertisements you receive as a result of Zoom’s data collection.
  • Read our guide on Managing Cookies on Your Browser to learn more.

Zoom’s iOS App Sending User Data to Facebook

Zoom’s mobile application for iPhones made use of Facebook’s Software Development Kit to enable users to log in using their Facebook account. It has since been discovered that Facebook SDK was collecting user data even when the user didn’t have a Facebook account or otherwise engage with the Facebook login feature.

Updates:

Undisclosed Data-Mining with LinkedIn Sales Navigator

Upon signing in to a meeting, Zoom automatically collected user information to match them to their LinkedIn profile. A Zoom application called the LinkedIn Sales Navigator enabled users to view other meeting participants’ LinkedIn profile data during meetings and without their permission.

Updates:


Security Issues

Attention Tracking Feature

Zoom had a feature by which meeting hosts could track whether attendees had navigated away from the Zoom window for a certain period of time.

Updates:

Malicious Links in Zoom Chat

A vulnerability was discovered by which someone could post a malicious link into a Zoom meeting’s chat log, using it to steal a user’s Windows credentials through what is known as a UNC path injection attack.

Updates:

Mac Client Issues

In July, 2019, a security problem in Zoom on Mac computers was widely reported. The flaw allowed a web page to launch a meeting and start streaming audio and video from your computer.

Updates:

  • Zoom pushed a fix for this problem shortly after it was widely reported.

End-to-End Encryption

Zoom had security settings available to enable end-to-end encryption for meetings, but the encryption provided was not in fact end-to-end as it is generally understood.

Updates:

Access to Recordings Posted Online

Concerns have arisen regarding unfettered access to view/download Zoom recordings that have been posted online.

Updates:

  • If you wish to make a Zoom recording available for users to view, be mindful about access. Follow CCA’s data sharing and storing guidelines.
  • Know your responsibilities with regard to other participants in the recording. Keep in mind any legal obligations you may have regarding disclosure of personal identifying information, and obtain consent as needed.

Configuration Issues

Preventing Zoom-bombing

With increasing frequency, unauthorized users have gained access to open and/or public Zoom meetings, posting and/or showing inappropriate or otherwise malicious content.

Updates: