Is Zoom Safe to Use?
OsloMet has taken precautions to make Zoom more secure. It is important to update Zoom when new versions are available. And never share meeting links in public.
Avoid unauthorized access to your meeting
Many people are concerned about "zoom bombing" – unauthorized people coming into your meeting and acting inappropriate. To avoid this, it is important not to spread Zoom meeting links publicly. Remember, if you spread a meeting link on social media you have invited the whole world. If you need to arrange an open Zoom meeting, please contact Auditoriehjelpen.
OsloMet has adopted the Zoom video solution for both digital teaching and digital meetings, and the use of Zoom has grown tremendously in recent weeks, both in Norway and in the rest of the world. The security of Zoom is therefore much debated now.
In general, we can say that:
- OsloMet has taken some precautions to reduce the risk. Uninett supplies Zoom to OsloMet and other universities and colleges in Norway.
- However, there are some known uncertainties. Therefore, it is important to update Zoom on your PC / Mac / mobile phone when you are notified that new versions are available.
Here are answers to several questions raised:
Can anyone steal my password through Zoom?
Zoom has recently removed the ability a meeting participant had to steal login information from another who clicked a link in the chat. Therefore, it is important that you update Zoom on your PC / Mac / mobile when you are notified that new versions have come. This is especially important if you are using your private PC or Mac.
The same rules apply to Zoom as they do to the Internet in general: Don't click on suspicious-looking links!
Is it true that Zooms sends data to Facebook?
This is was a problem in the Zoom app for iPhone, but it is fixed now. Therefore, if you use Zoom on your iPhone, you should check that you have updated to the latest version of the Zoom app.
Can anyone activate my camera and speaker?
No. This was a security hole for the Mac client that was resolved in July of last year.
Can anyone damage my PC / Mac through Zoom?
It was discovered that the Mac installer could be manipulated into installing other applications, but this vulnerability was quickly fixed by Zoom. Such manipulation required physical access to your computer and could not occur over the network.
Can unauthorized persons enter the meetings?
Access to meetings is controlled by the meeting ID number and password. It is included in the notice. If you do not share it with anyone other than the people participating the meeting, you can be pretty sure that no one else is coming in.
For teaching, the routine is for all links to be distributed in Canvas where students must log in. The link should not be made public.
Institutions that did not set passwords or that made the invitation link public have experienced visits by unauthorized persons. As mentioned, OsloMet requires that all meetings have passwords.
The host and co-hosts can always choose to view a list of who is in the meeting and disconnect any attendees who are not supposed to be there. There are additional security settings, such as waiting rooms, for controlling participants who are let in.
Is communication through Zoom encrypted?
Zoom does not have full encryption of video calls, although they have stated this in a security document. The risk assessment at OsloMet is based on the fact that Zoom is not fully encrypted, and is one of the reasons why Zoom should not be used for sensitive information at OsloMet.
However, data traffic between users and servers is encrypted. Uninett delivers Zoom to OsloMet, and for us the risk is further reduced by the servers being used.
Can anyone share inappropriate content in a meeting?
In principle, this is possible through the sharing of content from one’s own screen and use of virtual background. It is not possible to do this anonymously. As long as Zoom is used for teaching and meetings with students and staff, the risk is low. So far, no such incidents have been reported to us. If this becomes a problem at OsloMet, we can quickly turn on security settings that prevent this.
How has OsloMet taken care of security and privacy in Zoom?
It is Uninett that has an agreement with Zoom (through NORDUnet, a collaboration body for the national data networks for research and higher education in the Nordic countries), and that delivers Zoom to OsloMet and the rest of the sector. Both Uninett and OsloMet have made thorough risk assessments before the solution was implemented.
OsloMet has a user license for all students and staff, and you log in with your username and password. This gives you access to the full version of Zoom, and also benefits from the security settings made by OsloMet's system manager.
Among the security settings made are:
- Live streaming to Facebook / YouTube turned off.
- The ability to auto-save chat is turned off.
- The ability for others to control your camera is turned off.
- The ability to share files in chat is turned off.
- Shooting with cloud storage (outside the GDPR area) is off
- All user information is minimized, only name and epost get transferred to Zoom