With the recent outbreak of COVID-19 and the stay-at-home requirements being implemented across the country, staying at home has become a necessity for the time being. Socializing and working from home have temporarily become the norm. Usually, when we become bored we go for the most popular and fun apps, but does that mean they’re the best pick for our safety?
Popular apps get great publicity, as millions are potentially talking about and using them at any given time. This popularity attracts new users, both old and young alike, as well as hackers who are looking to take advantage of any information they can get their hands on. Cybersecurity researchers know this and act very quickly to check systems and applications that attract this negative attention. Zoom is one of those apps. Zoom is being used for school lessons, work meetings, and virtual social events. Research shows that Zoom’s privacy and security are not quite at the level they should be. There are multiple privacy concerns with Zoom giving away Facebook user information without a customer's knowledge and mining user information to find LinkedIn connections, both without notifying the user. Even though the app may be “free,” there's no such thing as a free lunch. You’re paying with your data.
Zoom has implemented a small list of fixes so far, but the question remains of how many more security and privacy flaws are still embedded in Zoom. In addition to the issues that are being found, companies like SpaceX and schools in NYC are banning the use of Zoom for communication due to security issues. Forbes also mentions that researchers from The Citizen Lab, a cybersecurity lab based out of the University of Toronto, found one of Zoom’s servers was placed in China. The servers are generally used to connect conversations and manage the encryption process of the calls. The researchers found some user conversations and data, along with the key to encrypt and decrypt the data, are being sent to the same server in China. This creates another issue because all companies operating in China must surrender their data at the drop of a hat. In addition to these findings, the exploits of Zoom haven’t stopped yet.
Since the COVID-19 outbreak, Zoom hasn’t left the spotlight in the security world. It is not uncommon for hackers to sell exploits for popular apps and systems. Unfortunately, this also applies to Zoom. This goes to show Zoom did a poor job of securing its app during development. This falls back on the software and cybersecurity team responsible for the initial phases of development.
The social media app TikTok is in similar circumstances. TikTok is managed by ByteDance, a Chinese-based company. That means, similarly to Zoom, the Chinese government may also request all videos, pictures, and user information placed on the platform at any given time. With this being said, both the TSA and the military have banned the use of TikTok because of its security and privacy issues.
The United States, on behalf of the Federal Trade Commission, filed a lawsuit against TikTok, formerly Musical.ly at the time, in February 2019 over allegations of unlawfully collecting and using the private data of children under the age of 13. Their violation was not complying with the Children’s Online Privacy Protection Act (COPPA) by not obtaining parental consent. In another case filed against TikTok, a class action lawsuit is taking place (at the time this article was written) in the state of California. Violation of Computer Fraud, Data Access, and intrusion upon seclusion are a few of the claims listed in the lawsuit. In addition to this, the app documents all usage of the app. All video recordings and typed text, regardless of being saved or published, get saved by the app. It gets better too... The lawsuit states that TikTok takes data from users’ phones while the app is closed and not in use. The app has also been convicted with “including Chinese surveillance software” according to the same case studies.
Overall, not every fun app is meant to help you. There will always be a bad actor behind every platform trying to take advantage of people. This doesn’t mean we should be scared of venturing out into our app stores, but it does mean we should take a little more precaution and do a little research into who we are trusting digitally. Similarly to how we no longer fall for website ads that claim “YOU JUST WON $1,000,000!!!!”, we, as a people, will learn to maneuver past these issues of personal data security one step at a time. With a simple Google search, you can find helpful resources to aid your search for security. Lucky for us, many companies help us combat security threats. Forbes, during the beginning of the COVID-19 outbreak, put together a small list of alternative apps that are secure platforms to communicate with.
The best thing to do for situations like this is to contact a security professional you know for advice. Here at Mastic, we specialize in keeping clients safe and secure. Your well-being is one of our top priorities.