cancel
Showing results for 
Search instead for 
Did you mean: 

Security concerns

glocrutch
Newcomer
Newcomer

I have begun to get random emojis popping up during confidential Zoom meetings. These pop-ups are not generated by me nor my clients. I now have significant privacy concerns. I thought the hipaa secure Zoom plan would prevent things like this but now I am very concerned and disappointed. How can I contact Zoom security about these issues? 

1 ACCEPTED SOLUTION

Hi @ZoomZoomZoom007 I'm Andy, the creator of ZoomOSC. I'd like to offer you and our other readers some information about the application in response to your claims. ZoomOSC does NOT have the ability to do things like snooping on private DMs between far-end users, see who someone else has pinned, etc. ZoomOSC is built upon the Zoom Meeting SDK, which itself follows the business logic of the Zoom Workplace app with regard to the meetings experience. For example, if the Zoom Workplace app could not see a message between users, then ZoomOSC in the identical context would not have the ability to read and export that message to OSC because the Meeting SDK would not surface it. ZoomOSC and the Meeting SDK are not designed to manipulate restrictions imposed to Zoom Workplace. Instead, they are powerful tools for accessing the capabilities of Workplace in the context where those capabilities are operable. In addition, for any lingering concerns about ZoomOSC's legitimate capabilities, users have a plethora of management tools at their disposal thanks to the Zoom App Marketplace. For example, ZoomOSC triggers the Active App Notifier, revealing to all Zoom participants that a Meeting SDK application has access to certain data with hyperlinks for further reading. Admins can control the presence of ZoomOSC or other Meeting SDK applications in their meetings and webinars. And the best part of all of this work is that you don't need to take my word for it. You can independently review the validity of my claims by visiting the https://developer.zoom.us website and referencing documents like our Meeting SDK for macOS guides https://developers.zoom.us/docs/meeting-sdk/macos/ which includes the SDK reference. I hope you take the time to review!

View solution in original post

8 REPLIES 8

Prartho
Newcomer
Newcomer

I have the same concern... Anybody know what's happening here? Is the meeting being hacked?

CarlaA
Community Moderator | Employee
Community Moderator | Employee

Hi @glocrutch @Prartho ,

 

What device are you on when this occurs?

 


Carla (she/her/hers)
Zoom Community Team
Have you heard of Zoom AI Companion?

Sblair
Newcomer
Newcomer

I am on a mac.  

Sblair
Newcomer
Newcomer

and I have the same issue of a thumbs down or balloons randomly coming into private Zooms with no one touching anything ... 

Prartho
Newcomer
Newcomer

I did solve my issue with emoji pop-ups... I am on a new Macbook Air that apparently "reads" facial expressions and emojis them! I turned it off on my Mac and there are no more unprompted pop-ups.  

ZoomZoomZoom007
Newcomer
Newcomer

If I had to guess, someone in the meeting is using Zoom OSC. If someone present is a programmer or advanced in the tech world, that is who I would be looking at. The truth is there are alternate versions of zoom which give the participant ability to perform a wide range of actions which have the potential to compromise the privacy of others within a room. Someone with Zoom OSC can not only read any private conversation in the room, they can also see who a participant has pinned, as well as a participant’s IP address. They can even send messages posing as a separate participant in the room without anyone knowing these abnormalities are occurring. It is a powerful tool which offers endless possibilities to manipulate the standard restrictions set on Zoom Workplace.

Hi @ZoomZoomZoom007 I'm Andy, the creator of ZoomOSC. I'd like to offer you and our other readers some information about the application in response to your claims. ZoomOSC does NOT have the ability to do things like snooping on private DMs between far-end users, see who someone else has pinned, etc. ZoomOSC is built upon the Zoom Meeting SDK, which itself follows the business logic of the Zoom Workplace app with regard to the meetings experience. For example, if the Zoom Workplace app could not see a message between users, then ZoomOSC in the identical context would not have the ability to read and export that message to OSC because the Meeting SDK would not surface it. ZoomOSC and the Meeting SDK are not designed to manipulate restrictions imposed to Zoom Workplace. Instead, they are powerful tools for accessing the capabilities of Workplace in the context where those capabilities are operable. In addition, for any lingering concerns about ZoomOSC's legitimate capabilities, users have a plethora of management tools at their disposal thanks to the Zoom App Marketplace. For example, ZoomOSC triggers the Active App Notifier, revealing to all Zoom participants that a Meeting SDK application has access to certain data with hyperlinks for further reading. Admins can control the presence of ZoomOSC or other Meeting SDK applications in their meetings and webinars. And the best part of all of this work is that you don't need to take my word for it. You can independently review the validity of my claims by visiting the https://developer.zoom.us website and referencing documents like our Meeting SDK for macOS guides https://developers.zoom.us/docs/meeting-sdk/macos/ which includes the SDK reference. I hope you take the time to review!

I still want a report of all the meetings that have been shared.