Videoconferencing vendor cited for privacy flaws as use by at-home workers surges
As millions of employees and students around the world suddenly find themselves working and studying from home due to the coronavirus pandemic, the demand on videoconferencing companies like Zoom is skyrocketing. Zoom has seen use of its technology rise sharply, but it’s also rushing to respond to privacy and security issues that continue to snowball.
The Lowdown: Zoom has been beset by a number of news articles, threat researchers’ reports, and incidents that have highlighted the security shortcomings in the company’s products and convinced some high-profile organizations to stop using its technology.
The Details: The issues facing Zoom include what has become known as “zoom-bombing” (uninvited guests jumping onto Zoom conferences and disrupting them), information being sent from devices using the Zoom iOS app to Facebook, and Zoom sharing e-mail addresses and photos of thousands of Zoom users. The company also was criticized by the investigative news site The Intercept for not having end-to-end encryption despite marketing that had promoted the capability.
Zoom officials admitted that, while it encrypts content from meetings in which all participants are using the Zoom app and the meetings aren’t being recorded, it can’t encrypt content when participants log in using other devices.
The privacy and security issues have led to organizations like NASA and Elon Musk’s SpaceX to prohibit employees from using Zoom. In addition, agencies from the FBI to the New York Attorney General’s Office have begun looking into the problems and issuing warnings about the use of Zoom technology.
The company has been making fixes – such as removing the Facebook SDK from its iOS client – and updating users about the moves in a series of blog posts for more than a week. In an April 1 blog post, CEO Eric Yuan noted that Zoom initially was built for larger enterprises that have full IT staffs, adding that “we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
The Impact: For Zoom and other videoconferencing vendors, the surge in at-home working has been a boon, but the concerns over security and privacy threaten to derail that. Yuan noted that at the end of December 2019, the maximum number of daily meeting participants in Zoom meetings was about 10 million. In March, the demand reached more than 200 million daily participants. Such demand will likely continue in the coming months as the outbreak spreads.
The Buzz: “For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus,” Yuan wrote in the blog post. “We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the videoconferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry.”