Why Pentagon is still using Zoom when schools are banning it?

Thousands of companies and individuals have resorted to the use of video conferencing platforms as they are not able to move to their workplaces; this has increased the popularity of these services, especially for Zoom. However, its popularity has caught the attention of cloud security course firms and specialists concerned about potential security flaws that could expose sensitive user information.

Despite these cybersecurity concerns, the US Department of Defense (DOD) has become one of the main customers of the video conferencing platform, employing its services for unclassified matters, as recognized by Lt. Col. Robert Carver, a spokesman for the agency: “DOD staff has cybersecurity training, although we recognize that there is no official protocol for the use of Zoom.”   

Cloud security course researchers find several concerns in Zoom are not unfunded. To get started, the platform is very unclear about how its software works and what permissions it requires to obtain on the user’s system. In addition, it has been confirmed that Zoom collects data to send to Facebook, not forgetting the presence of two vulnerabilities that could be exploited together to gain access to a system with Zoom installed. The seriousness of these issues varies depending on the user’s device.

Zoom has also intentionally lied to its users. The platform claimed end-to-end encryption for each session; however, cloud security course specialists found that video conferencing sessions were not fully protected and, to worsen the landscape, some of the encryption keys for Zoom audio and video were delivered to users through servers located in China, which made many doubt the privacy in the service. The company had to modify its propaganda, making it clear that it did not have end-to-end encryption.

Peter Singer, a cybersecurity specialist, believes that using this platform may be inappropriate, especially when many other organizations (companies, universities, among others) have chosen to stop using Zoom: “This may not be a problem for the DOD right now; a threat actor could access minimal portions of seemingly useless information. However, this systematic data collection task could be very useful in the long run,” the expert said.

In the long run, a potential Zoom-based attack scenario could allow for deep fake conferences. According to the International Institute of Cyber Security (IICS), Zoom’s current features would not be sufficient to protect a session against this attack variant, mainly due to the quality of the transmissions.

Clearly, Zoom has serious security drawbacks. Cloud security course specialists believe that, before a trial is made against the platform, extensive research should be conducted and determine whether there is premeditation in the errors existing on the platform, as current conditions in the world will continue to favor growth in the use of this service, and new users should be fully aware of what protections Zoom offers.