The complete digitization of education has come far earlier than anyone had predicted or, frankly, wanted. As the COVID-19 pandemic forces billions of people across the globe into isolation, schools and universities, as well as a large number of businesses, have migrated to cyberspace. Zoom, a remote conferencing service, has dominated the market during these opportune times. However, various tech media and cybersecurity researchers have recently reported critical security flaws within the platform. Until this year, most people had never even heard of Zoom; and now it may be hearing everything.
Zoom has been the perfect program for the current situation. It provides catered video conference features and a high capacity limit without fees or installations. The fact that such a product is ready-made has been a blessing for all types of institutions scrambling to find an alternative at the brink of a new academic term. Zoom has been especially vital for universities, including KAIST. It has filled in for the inadequacies of KLMS, which was never designed to function as the primary academic service in the first place. Similarly, many schools lack the infrastructure and funding to alter or create a new online learning system to bear the sudden burden.
That’s where Zoom took over. As nearly 100,000 schools flocked to Zoom, the company even gave out free premium licenses. Funny happenings on Zoom meetings circulated on social media, ranging from dog interventions to more unfortunate webcam incidents. Since January, Zoom stocks have more than doubled.
Such scope and availability are precisely why Zoom’s security problems are so fatal. The research group Citizen Lab from the University of Toronto has found different types of security risks innate within Zoom. First and foremost, the encryption system is not “end-to-end” — simply put, it means Zoom can access or leak information, even if outsiders can’t. Yet outsiders certainly can; cybersecurity researchers showed that malicious attackers could eavesdrop on meetings or access user files via chat links. FBI warned against “Zoombombing”, which describes malicious hijacking of meetings, such as displaying inappropriate images on screen. Leaked Zoom recordings have circulated online. Meanwhile, Zoom’s own policies and features made it possible for group emails to be exposed to thousands of strangers. Zoom’s security measures are just not up to the standard industry protocol.
These discoveries have made many institutions wary of the product, particularly in the US. Several districts and individual schools, such as New York City and Las Vegas, have denounced the use of Zoom for the fear of privacy violation and information leaks. Taiwan, as well as Singapore, also banned any governmental use of the service over cybersecurity concerns. On the industrial side, SpaceX stopped using the software.
The implications of the vulnerabilities are unimaginably huge. The number of users has increased from 10 million last December to 200 million as of April. For these users, Zoom is not a luxury, but a necessity. Zoom CEO Eric Yuan has admitted the glaring problems and has made a statement to handle the issues as soon as possible. While Zoom scrambles to deal with the holes in the system, we are responsible for formulating Plans B to Z. But while alternatives such as Google G Suite for Education and Microsoft Teams do exist, schools and companies can’t be expected to change over to a new medium in the middle of operation so easily.
The Zoom situation outlines the crux of the social turmoil wrought by the pandemic. The success of a community does not lie in its ability to predict what will happen. It is not in action, but rather in reaction that truly speaks to the capabilities of the group. Every time a new hurdle is placed on the field, we need to find a way to jump over, walk around, or crash through it. The difficulties of this year demand us to constantly adapt; to not remain complacent. For now, refrain from sharing personal information on Zoom as much as possible. Look for other similar services. We must not sacrifice our basic security in the name of a crisis.