Zoom CEO issues apology on privacy red flags

In light of cybersecurity flaws and questionable privacy policies, Zoom has come under pressure to address users' concerns.
3 April 2020

Zoom is providing teleconferencing services to millions working from home. Source: Shutterstock

In less than one month, millions of workers have suddenly found themselves working from home. A business’s locale is now scattered across the households of its employees – and the need to keep communications open has made teleconferencing the new norm.

Top-ranking video conferencing tool Zoom serves an average of 13 million users per month, but in March this spiked to 200 million users per day — a dramatic increase from about 10 million in December.

With ‘Zoom’ becoming a verb in itself, the platform has become the go-to for any and all meetings, and not just for run-of-the-mill corporate meetings; UK prime minister Boris Johnson has used it host cabinet meetings, while social distancing measures have seen it host anything from from weddings, religious events, and birthday parties.

Zoom is winning the popularity contest for organizations trying to adjust to the new situation, but with a spike in uptake, a shadier side has emerged around privacy due to its questionable configuration and policies.

Capable of hosting up to 100 users, the California-based company outshines other competitors such as Microsoft’s Skype and Teams, and Cisco’s Webex in terms of accommodating dozens of individual dial-ins. But issues surrounding the company’s privacy policies have raised red flags for users, security researchers, and the authorities.

Early this week, the United States FBI (Federal Bureau of Investigation) issued a warning against “Zoom-bombing,” where trolls and hackers hijack public video calls.

The issue took center-stage following two reports of bad actors invading school sessions and shouting profanities, as well as sharing pornography. The FBI urged users not to share links widely and to stop making Zoom meetings public to lower the chances of ‘teleconference hijacking.’

After the spate of reports alleging that the app’s public meetings were being hijacked and invaded, some security experts are calling out Zoom on their claim that they implement end-to-end encryption for all meetings.

A former cyber-warfare specialist with the US Marine Corps, David Kennedy, explained that Zoom relies on transport encryption, where the video and audio content is only secured while it’s en route from a video call to the company’s servers.

“That means Zoom effectively functions as a middleman in all video conversations on its platform and has access to those conversations,” Kennedy, now a founder of cybersecurity form Trusted Sec, told CNN. 

The Intercept, an investigative news site, first flagged the privacy concern. In other words, the article elaborated: “When you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company.”

With waves of privacy concerns and reports making global headlines this week, Zoom’s CEO Eric Yuan apologized on Thursday and officially announced an outline of how the company plans to deal with its security shortcomings.

We recognize that we have fallen short of the community’s — and our own — privacy and security expectations,” Yuan said in its blog. “For that, I am deeply sorry, and I want to share what we are doing about it.”

Some of the actions Zoom will take for the next 90 days include, dedicating resources to fix privacy issues while other projects are put on hold, implementing a bug bounty program that pays for any flaws discovered, and consulting with third-party experts.

In addition to this, Yuan will hold a weekly webinar to update their progress.

Even though the company is set on revamping its safety and privacy measures, the recent backlash has pushed some companies to ban the use of Zoom completely.

SpaceX, Elon Musk’s rocket company, has banned its employees from using Zoom. The California-based company has disabled all access to the videoconferencing app after US law enforcement warned users of its privacy and security flaws.