Zoom Use Skyrockets, Revealing Privacy and Security Issues

Remote conferencing services company Zoom Video Communications has become an overnight success as more Americans stay home during the coronavirus pandemic. Zoom, once mainly used by businesses, is now being used for everything from yoga courses to happy hours, but is also stretching the tool’s limits to serve both those who pay for the premium service and consumers who gravitate to the free version. There’s also a dark side to Zoom’s uptick: online trolls who “Zoombomb” meetings, and concerns about the San Jose-based company’s privacy policies.

The Wall Street Journal reports that, as a result of its wide usage, “Zoom shares have more than doubled this year, taking the company to a market capitalization of $42 billion, at a time the S&P 500 has retreated about 20 percent.” But Zoom’s customer support has been lagging for the 81,900 paying clients that have more than 10 employees. One of those, Futurum Research founding partner Daniel Newman reported trying to get help through a live chat service but finding 600 people were already in the queue. “It seems their sales and user growth has far outpaced the infrastructure,” he said.

Zoom chief marketing officer Janine Pelosi noted that, “it’s fair to say this is an unprecedented time,” adding “our company is doing everything in our power to support our customers.”

A design flaw led to “a spate of so-called Zoombombing attacks, in which people take advantage of a screen-sharing feature in public conference calls to hijack the sessions, often to spread hate speech or flash disturbing images.” The FBI has warned of these instances, urging users to “take steps to mitigate those threats.” Pelosi responded that, for education users, “the default setting now is set so screen sharing isn’t automatically permitted.”

Wired reports on the backlash to “Zoom’s security and privacy failings,” such as sending data to Facebook “without notifying users, even if they had no Facebook account.” Zoom fixed that flaw and also “updated its privacy policy … after a report revealed that the old terms would have allowed the company to collect user information, including meeting content, and analyze it for targeted advertising or other marketing.”

Wired also pointed out “Zoom’s attention-tracking feature, which lets the meeting host know if an attendee hasn’t had the Zoom window in their screen’s foreground for 30 seconds” as well as the false claim that the tool was ‘end-to-end encrypted’.” Recently, macOS security researcher Patrick Wardle disclosed “two new security flaws he found during that brief analysis.”

“The most important takeaway, says Wired, is that regular users should “simply … think carefully about their security and privacy needs for each call they make,” adding that WhatsApp, FaceTime and Signal “could be a better fit for sensitive gatherings.”

Reuters reports that Elon Musk’s concerns over Zoom’s privacy and security issues led him to ban SpaceX’s 6,000+ employees from using the video conferencing tool. His ban came “days after U.S. law enforcement warned users about the security of the popular app.” It also “illustrates the mounting challenges facing aerospace manufacturers as they develop technology deemed vital to national security while also trying to keep employees safe from the fast-spreading respiratory illness.”

Related:
Zoom Freezes Feature Development to Fix Security and Privacy Issues, TechCrunch, 4/2/20
Zoom Grapples With Security Flaws That Sour Users on App, Bloomberg, 4/2/20