Zangi Blog

Are Zoom, Slack, WhatsApp secure? What secure tools to use when working from home?

Due to the current Coronavirus pandemic and the quarantine, many of us are now using Zoom for video conferencing whether it’s for school, college, the gym or for work.

In this post, we take a look at Zoom, Slack and WhatsApp and their privacy measures. We’ll also highlight which secure tools to use when working from home.

 

Zoom

According to Zoom’s website, here are the security possibilities on Zoom:

  • Secure a meeting with end-to-end encryption (a recent source investigated this and found that it isn’t entirely true)
  • Expel a participant or all participants
  • Lock a meeting
  • Screen share watermarks
  • Enable/disable a participant or all participants to record
  • Temporarily pause screen-sharing when a new window is opened
  • Password protect a meeting
  • Only allow individuals with a given e-mail domain to join

Zoom Privacy Flaws

Zoom’s privacy policy claims the right to collect and store personal data, and share it with third parties such as advertisers. That extends to “the content contained in cloud recordings, and instant messages, files, whiteboards … shared while using the service.” Videos aren’t off-limits, according to the document, and neither are transcripts that can be generated automatically, the documents you share on your screen, or the names of everyone on a call. (Source link)

Other privacy flaws are listed below:

  • Zoom is able to monitor the activity on your computer
  • Zoom collects info about which programs are currently running
  • Zoom captures which window you have in focus
  • Zoom gives administrators full power to track attendees’ attention with an indicator that points out when a participant isn’t in focus for more than 30 seconds
  • Zoom intentionally designed its web conferencing service to bypass browser security settings and remotely enable a user’s web camera without the knowledge or consent of the user
  • Zoom exposes users to the risk of remote surveillance, unwanted video calls, and denial-of-service attacks
  • Zoom sells your data, and will sell it when needed.

How to Use Zoom More Securely

  1. Use two devices during Zoom calls: If you are attending a Zoom call on your computer, use your phone to check your email or chat with other call attendees. This way you will not trigger the attention tracking alert.
  2. Do not use Facebook to sign in: It might save time, but it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
  3. Keep your Zoom app updated: Zoom removed the remote web server from the latest versions of its apps. If you recently downloaded Zoom, there’s no need to be concerned about this specific vulnerability.
  4. Take care when screen sharing. Ensure there are no applications, images or videos visible that might expose personal or confidential business data. Check which tabs are visible in the top bar of your browser.
  5. Be aware of the privacy policies and features of the software you’re using, for example the attention tracking feature and other policies on data collection and sharing.
  6. As the host, turn on 2FA and require authorized email addresses for any in-house meeting.
  7. Restrict screen sharing without permission, remove unwanted or disruptive participants from a Zoom meeting, and mute participants or turn off their video.
  8. Keep the meeting secure from those outside the call. Account managers should ensure that end-to-end encryption is enabled to prevent snooping of traffic, particularly if remote workers are connecting to meetings from outside of the company’s secure VPN network.
  9. Remember that video meetings can be recorded by any participant, and that raises issues of confidentiality and leakage.
  10. Ensure that endpoints are protected by a security platform that can protect against malware, malicious devices and network compromise. (Source link)

For a full list of more secure alternatives to use when working from home, scroll to the end of the article.

Slack

According to Slack’s website, here are their security measures:

  • Ensure that only the right people and approved devices can access your company’s information in Slack with features like single sign-on, domain claiming and support for enterprise mobility management.
  • By default, Slack encrypts data at rest and data in transit for all of our customers. We further protect your data with tools like Slack Enterprise Key Management (Slack EKM), audit logs, and integrations with top data loss prevention (DLP) providers.
  • Slack offers governance and risk-management capabilities flexible enough to meet your organization’s needs, no matter what they are. This includes global retention policies, custom terms of service, and support for eDiscovery.

Slack Privacy Flaws

  • It is relatively trivial for an attacker on a compromised machine to exfiltrate a user’s entire Slack workspaces, chat messages, files and history.
  • Attackers can gain current access to the workspace by stealing the stored session cookies on the user’s machine. Having acquired the data, the attacker can then start up a virtual machine instance, install the Slack app, and copy the stolen data to the same location on the VM from where it came (the user name need not be the same). Launching Slack will then log the attacker into the user’s workspaces and give them full, live access. Although this activity will be recorded in the workspace Access Logs on the server-side, it will not be obvious to the user unless the attacker actively tries to impersonate the user in the workspace.
  • It’s possible for a malicious app to exfiltrate this data without the victim’s awareness.
  • When using Slack, businesses have to delegate their most private data and communication to Slack. 

How to Use Slack More Securely

  1. Ensure all company devices have a good EDR solution to prevent malware from infecting the system to start with.
  2. Educate users and IT admins about the need to regularly sign out of other devices. This may or may not require a password depending on your workspace settings.
  3. Remind users to change passwords on a regular basis and to set up 2FA for Slack. With workspace platforms like Slack, changing passwords can be easily overlooked. Workspace owners and users can review access logs to check whether any unknown devices have been logged into the account.
  4. More on how to increase security for your Slack workplace
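
The access-log review suggested in step 3, and the server-side Access Logs record mentioned under Slack Privacy Flaws, can be automated. The following is an added example, not code from Slack or from the original post; it assumes records shaped like the "logins" entries of Slack's team.accessLogs API, and the sample data, user-agent format and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records, shaped like the "logins" entries returned by
# Slack's team.accessLogs API method (only the fields used here are kept).
SAMPLE_LOGINS = [
    {"username": "alice", "date_first": 1583000000, "ip": "198.51.100.7",
     "user_agent": "Slack/4.3 (macOS)", "country": "US"},
    {"username": "alice", "date_first": 1585700000, "ip": "198.51.100.7",
     "user_agent": "Slack/4.4 (macOS)", "country": "US"},   # app update only
    {"username": "alice", "date_first": 1585800000, "ip": "203.0.113.50",
     "user_agent": "Slack/4.4 (Linux)", "country": "NL"},   # new host, network
    {"username": "bob", "date_first": 1583100000, "ip": "192.0.2.10",
     "user_agent": "Slack/4.3 (Windows)", "country": "DE"},
    {"username": "bob", "date_first": 1585900000, "ip": "192.0.2.10",
     "user_agent": "Slack/4.3 (Windows)", "country": "DE"},
]

def platform_of(user_agent):
    """Return the parenthesised OS part so app upgrades alone do not alert."""
    match = re.search(r"\(([^)]*)\)", user_agent)
    return match.group(1) if match else user_agent

def traits(entry):
    return {"ip": entry["ip"], "platform": platform_of(entry["user_agent"]),
            "country": entry["country"]}

def unfamiliar_logins(logins, baseline_end):
    """Flag entries first seen after baseline_end (Unix time) whose IP,
    platform or country was never seen for that user before baseline_end."""
    known = defaultdict(lambda: defaultdict(set))
    for entry in logins:
        if entry["date_first"] <= baseline_end:
            for name, value in traits(entry).items():
                known[entry["username"]][name].add(value)
    findings = []
    for entry in logins:
        if entry["date_first"] > baseline_end:
            seen = known[entry["username"]]  # empty for a brand-new user
            reasons = [n for n, v in traits(entry).items() if v not in seen[n]]
            if reasons:
                findings.append((entry["username"], entry["ip"], reasons))
    return findings

if __name__ == "__main__":
    for user, ip, reasons in unfamiliar_logins(SAMPLE_LOGINS, 1585000000):
        print(f"review {user}: login from {ip}, new {', '.join(reasons)}")
```

A new IP alone is a weak signal (mobile and home networks change often); a new platform or country appearing together with it is the combination worth a manual check and a forced sign-out of other devices.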

 

WhatsApp

According to WhatsApp’s website, here are their security measures:

  • WhatsApp’s end-to-end encryption is available when you and the people you message use the app.
  • WhatsApp calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them.
  • WhatsApp doesn’t store your messages on our servers once we deliver them, and end-to-end encryption means that WhatsApp and third parties can’t read them anyway.
  • WhatsApp lets you check whether the calls you make and messages you send are end-to-end encrypted. Simply look for the indicator in contact info or group info.

WhatsApp Privacy Flaws

  • WhatsApp shares your messaging metadata with Facebook if you do not opt out in the settings. If you use the same phone number for WhatsApp and Facebook, the profiles can easily be linked.
  • Links to chats are still available, and a new report finds some sensitive groups online. This was described as “an intentional product decision”, and group admins “can invalidate the link if so desired.”
  • WhatsApp is owned by Facebook, which is integrating the messaging service at the back end with Facebook Messenger and Instagram. The move is intended to support the end-to-end encryption needed for secure communications, but many see it as a cause for concern. (Source link)

For truly secure business calls, management and messaging, there are other alternatives, listed below, that don’t want to monitor you and carry fewer privacy burdens.

What secure tools to use when working from home?

Skype (owned by Microsoft), Messenger (owned by Facebook) or the other US-based Zoom or Slack are popular and have a lot of users, but that doesn’t mean they’re the most secure. Look for secure tools to use when working from home that follow the European General Data Protection Regulation (GDPR). These are a stricter set of laws than those governing US data-collecting apps. The full text of GDPR contains 99 individual articles.

Zoom Alternative – Whereby

whereby.com

Whereby, developed in Norway, adheres to the GDPR regulations. GDPR places limits on what organizations can do with personal data. Whereby has far fewer third-party cookies and a clear delete policy (probably because it is GDPR-compliant); all content is encrypted and data is stored in the EU. Thanks to a technology called Web Real-Time Communication (WebRTC), Whereby allows communicating in browsers just by creating and sharing a URL, so you don’t have to download an app. Whereby’s business model doesn’t include selling your data. Instead, it offers a paid service, which is where it makes its money.

Zoom & WhatsApp Alternative – Signal

signal.org

Signal offers end-to-end encrypted voice, video, text, and photos, and it’s been endorsed by the Electronic Frontier Foundation. It is really simple to register: you just download it from the iOS or Android app store on your device. To make a video call, both users will need the mobile app. There is a desktop app, but it only allows chat and not video.

 

Slack, Zoom, WhatsApp Alternative – Zangi

zangi.com

Zangi offers a free messenger and HD calling app that is fast, encrypted and GDPR-compliant, and doesn’t keep data on any servers whatsoever. It has 3 levels of encryption, encrypting calls, files and messages.

For Business: Zangi also has Business solutions for companies who want fully secure and independent communication within a system set up on their own servers.  You’ll have a safe place for all your calls, conferences, messages and collaboration, and the app will be under your own name and branding.

Advantages

  • With WhatsApp for Business, you have to adapt your business to WhatsApp and its interface, whereas Zangi for Business fits its solutions and branding to the customer’s business.
  • When using Slack, businesses have to delegate their most private data and communication to Slack. But with Zangi for Business, your security and privacy are in your own hands, nobody else can ever have access to your data.
  • Skype only lets you set up the backend system on the customer side. And since the client applications belong to Skype, the customers have to delegate their data to them. With Zangi for Business, customers can acquire both back-end solutions and front-end applications.
