Can Hackers Eavesdrop on Your Zoom Meetings?


Zoom is an excellent VoIP (Voice over Internet Protocol) app – it’s no wonder the company saw immense growth during and even after the pandemic!

While Zoom is safe to use, it’s not perfect. Does that mean hackers could eavesdrop on your meetings then?

Not really – they used to be able to do that, but not anymore. However, they can still compromise your privacy while using Zoom if you’re not careful. We’ll show you how, and we’ll also tell you how to stay secure on Zoom.

Hackers Used to Be Able to Compromise Zoom Meetings

At the start of 2020, it was revealed that Zoom had a vulnerability that would have allowed cybercriminals to eavesdrop directly on Zoom meetings. Basically, they could have listened in on the whole conversation and also accessed files and information shared during the meeting.

Here’s what went down:

  • All Zoom calls have a unique ID number that’s randomly generated. The ID’s length varies from 9 to 11 digits. Essentially, you use the ID as a sort of address to find and join a call.
  • The security researchers who found the vulnerability discovered that you could actually predict valid meeting IDs.
  • They were only able to successfully predict valid meeting IDs 4% of the time, but they still managed to join some of those meetings.

Overall, a pretty scary discovery. When you’re in a meeting with tons of people, you might not notice an uninvited stranger joining in.

The good news is that the security researchers disclosed the vulnerability to Zoom and the company quickly fixed it. There’s no way for hackers to scan for valid meetings anymore. Repeated attempts will result in Zoom temporarily blocking their devices.
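To make the fix described above concrete, here is an added example (not Zoom's code, and not from the researchers) of a limiter that temporarily blocks a device after repeated lookups of invalid meeting IDs. The class name, device identifiers, thresholds, and sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; the page does not state the values Zoom uses.
MAX_FAILED_LOOKUPS = 5      # failed meeting-ID lookups tolerated per window
WINDOW_SECONDS = 60         # sliding window length
BLOCK_SECONDS = 300         # length of the temporary block


class JoinAttemptLimiter:
    """Temporarily blocks a device that keeps asking for invalid meeting IDs."""

    def __init__(self):
        self._failures = defaultdict(deque)   # device_id -> failure timestamps
        self._blocked_until = {}              # device_id -> unblock time

    def is_blocked(self, device_id, now):
        return self._blocked_until.get(device_id, 0) > now

    def record_attempt(self, device_id, meeting_exists, now):
        """Return 'blocked', 'allowed' or 'rejected' for one join attempt."""
        if self.is_blocked(device_id, now):
            return "blocked"          # refused even if the ID happens to be valid
        if meeting_exists:
            return "allowed"          # valid lookups do not count against a device
        window = self._failures[device_id]
        window.append(now)
        # Drop failures that have aged out of the sliding window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILED_LOOKUPS:
            self._blocked_until[device_id] = now + BLOCK_SECONDS
            window.clear()
            return "blocked"
        return "rejected"


def replay(events):
    """Run constructed (time, device_id, meeting_exists) events through a limiter."""
    limiter = JoinAttemptLimiter()
    return [limiter.record_attempt(dev, ok, t) for t, dev, ok in events]


# Constructed sample: dev-A requests many invalid IDs quickly, dev-B mistypes once.
SAMPLE_EVENTS = [
    (0, "dev-A", False), (1, "dev-A", False), (2, "dev-B", False),
    (3, "dev-A", False), (4, "dev-A", False), (5, "dev-A", False),
    (6, "dev-A", True),  (7, "dev-B", True),  (400, "dev-A", True),
]
```

Once dev-A is blocked, its request at time 6 is refused even though the ID is valid, so a blocked device cannot tell valid IDs from invalid ones. The user who mistyped once (dev-B) joins normally.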

So as long as you use the latest Zoom version on your device, you don’t need to worry about this problem. If you use the online platform, you’re automatically using the latest version.

So Is Zoom 100% Safe to Use?

Zoom itself is safe, but – unfortunately – crafty cybercriminals can still abuse other vulnerabilities to spy on your traffic while you use Zoom.

If you hold a Zoom meeting over a public WiFi network that has no password, a hacker could eavesdrop on your connection. The network doesn’t encrypt your traffic (since there’s no password needed). So, a skilled hacker could use packet sniffers to single out data packets and steal sensitive information (like your Zoom login credentials, for instance).

And even if you use a secured network, you’re not out of the woods yet. Most hotspots encrypt traffic with WPA2, but that encryption level isn’t foolproof. It’s actually vulnerable to a cyber attack. And its successor, WPA3, has its fair share of security vulnerabilities too.

Not only that, but hackers could trick your device into connecting to a fake network. If that happens, they’ll be able to monitor all your traffic.

Doesn’t Zoom Use Encryption?

Yes, Zoom encrypts your traffic with powerful 256-bit AES encryption. It also has end-to-end encryption, but it’s not enabled by default. Also, if it’s enabled, all meeting members need to join the Zoom call with the desktop or mobile app, or with Zoom Rooms.

But the problem is with your connection to Zoom’s platform, not your Zoom connection. If hackers can abuse weak network security to spy on your connection requests to Zoom, they could steal sensitive data. Also, they could use MITM attacks to redirect your connections to fake Zoom sites.

How Do You Secure Your Zoom Traffic Then?

The best solution in our opinion is to use a VPN (Virtual Private Network), an online app that can encrypt your traffic end-to-end (and it does it by default).

Basically, VPNs route all your traffic through a VPN server. All the data that passes from the VPN app to the VPN server is encrypted end-to-end, so nobody can spy on it. The VPN server then forwards the data to Zoom which encrypts it, so no hacker can eavesdrop on it.

Sure, cybercriminals can still try to spy on your connections, but they’ll only see gibberish. Instead of connection requests heading to Zoom’s platform, they’ll only see random strings of numbers and letters, like so: HGgh5398yhgsfggfr234.

Also, here are two other cool security perks VPNs offer:

  • Anti-DDoS protection – Nobody can DDoS your Zoom call because the VPN hides your IP address. Without it, hackers can’t target your network with DDoS attacks.
  • Ad blockers – Besides getting rid of annoying ads, VPN ad blockers also protect you from MITM attacks. They block connections to malicious sites, so cybercriminals can’t successfully redirect your traffic to fake Zoom sites.

What If You Only Want to Encrypt Zoom Traffic?

Maybe you don’t want to encrypt your entire Internet connection (though you really should, to stay safe). But for the sake of this argument, let’s say you only want to encrypt your Zoom connection. What then?

Well, some VPNs have a feature called split-tunneling. It lets you choose which apps and websites use the VPN connection and which apps use your ISP’s network. You just have to configure the VPN to only route traffic from Zoom, and it will only encrypt that data.

Most top VPNs have split-tunneling – ExpressVPN, NordVPN, and Surfshark are some great examples. On top of split-tunneling, you also get excellent security features, fast speeds, and easy-to-use apps on pretty much all platforms. They also have cheap long-term prices and 30-day money-back guarantees (so you buy with no risk). Also, Surfshark allows unlimited connections, so it’s perfect if you have a large team that needs to secure their Zoom traffic.

How Do You Secure Your Zoom Meetings?

Do you just enable end-to-end encryption and call it a day? Or do you also use a VPN together with Zoom? Are there any other security tools you use to stay safe?

Please share your experiences with us in the comments.