SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 216: Zooming into 2021

Posted on January 28, 2021

This week on the Checklist, iMore’s Stephen Warwick joins us to discuss all things Zoom. We’ll cover:

  • Zoom then and now
  • How to make Zoom calls safer
  • An Apple updates update

The Great Zoom Boom of 2020

The Zoom video chat and meeting platform has become a ubiquitous feature of work, education, and everyday life over the past year.

Zoom’s rise has been truly remarkable: Back in December 2019, the platform only had around 10 million active users. By April 2020, it had over 300 million daily meeting participants per day!

While it does have rivals (think Skype or Google Hangouts), Zoom’s ability to handle large group meetings has been crucial to its growth. In addition, services like Skype and Teams are often associated with business, which may have helped Zoom to position itself as a more casual, user-friendly alternative — ideal for families, close-knit teams, and students. Lastly, Zoom received a great deal of media coverage in the early days of the pandemic, which certainly helped to fuel its success.

Stephen Warwick is a writer for the Apple news and information website iMore.com. He joined us on the Checklist this week to discuss Zoom’s past challenges, and talk about how the company has improved. He’ll also share some advice on how to use Zoom more securely.

Zoom’s rise has been remarkable, but it hasn’t been entirely smooth. According to Warwick, the company has faced a great deal of public criticism for its perceived lack of security: 

“There were many security quirks and issues that came to light as Zoom grew in popularity.”

For one thing, Zoom was using macOS pre-installation scripts in a way that struck some observers as borderline malicious: the Mac app bypassed the user confirmation process that is normally required after an installation package is downloaded. The Zoom installer also used what some have called “misleading” prompts to get the user to grant it root privileges. While Zoom is a legitimate app, similar tactics are often used by macOS malware — meaning that this, in Warwick’s words, “wasn’t a great look” for Zoom.

Bad enough, but there were other, arguably more serious concerns about Zoom’s security. Critics felt that the Zoom misrepresented its service as providing end-to-end encryption (E2EE) — the sort of security offered by encrypted messaging apps like Signal and Telegram — when this simply wasn’t true: Upon closer inspection, it was discovered that Zoom’s encryption was not truly E2EE. In addition, researchers in Canada discovered that Zoom was routing data — some of it related to encryption keys — through China, which raised privacy concerns similar to what Apple faced over its relationship with Tencent.

Despite these issues, Warwick says Zoom was likely acting in good faith all along. More than anything, the company seems to have been unprepared rather than malicious, and he points out that Zoom has done many things in recent months to “clear its name”. Part of the issue, Warwick says, is that Zoom had simply never faced the kind of scrutiny that it experienced over the past year:

“Once Zoom became incredibly popular, everyone — including cybersecurity experts and analysts — started to take an interest”.

How to make Zoom safer

So are Zoom calls today actually safe?

They’re certainly much more secure than they used to be. Zoom has rolled out an E2EE option for meetings, albeit with some restrictions. They’ve taken steps to fence off users outside of China from Chinese servers. And they seem to have adopted more of a “culture of security” than they ever had before, communicating openly with their users about security issues and hiring security experts from big-name tech companies like Microsoft and Google.

And in fairness, some of the concerns that people have had about Zoom stem not from any weakness in the platform itself, but from users not following basic best practices for security. 

For example, the phenomenon of “Zoombombing”, in which uninvited guests crash a video conference call and engage in disruptive behavior, is often the result of administrators failing to password protect their meetings, or using weak or easily guessed passwords

In short, as long as users themselves are taking basic precautions, Zoom calls can be considered reasonably secure for everyday purposes.

Warwick says there are a number of steps that Zoom users can take to keep themselves and other meeting participants safe (and recommends this article as a good source of additional tips):

  • Use passwords to protect meetings, and only share this password with meeting participants.
  • Authenticate users so that only signed-in users can participate. 
  • Share information about upcoming meetings securely. If possible, send meeting invites and announcements privately, rather than posting meeting details in a public forum.
  • Use Zoom’s “waiting rooms” feature to screen new guests who are attempting to join the meeting.
  • Keep Zoom software — as well as all other software on your system — up to date.

The Checklist would like to thank Stephen Warwick for joining us. To read Stephen’s latest articles, head over to iMore.com, and to keep up with him on social media, be sure to follow him on Twitter.

An important iOS update

Apple has just released a critical round of updates:

  • iOS 14.4
  • iPadOS 14.4
  • tvOS 14.4
  • watchOS 7.3

These updates are considered high-priority, because they patch security flaws that are being exploited “in the wild” by malicious actors (at least according to the reports that Apple is receiving from security researchers).

In other words, this isn’t one of those times when you can safely hold off on an update to see if there are any issues: If you use one of the OSes listed above, it’s time to update right away. This article has more information about the security issues involved, as well as instructions for how to update your devices manually.

That brings us to the end of another Checklist. If you’d like to listen to past editions of the show, or read through the notes for those episodes, be sure to check out our archives. And if you’d like to submit an idea for a future Checklist, or ask a security question for us to answer on an upcoming podcast, feel free to send us an email!

Join our mailing list for the latest security news and deals