The video conferencing app Zoom has come under scrutiny following a string of cybersecurity and data privacy incidents. The concerns have become so serious, they’ve prompted a letter from the New York Attorney General and a public statement by the Federal Bureau of Investigation (FBI).
The incidents come at the worst time possible for both the company and its users. Non-essential workers in America are almost exclusively working from home as social distancing and shelter-in-place policies require businesses to shut their offices.
These workers — along with students in online classes, public officials and church-goers — have come to rely on Zoom to hold important meetings and attend virtual events.
Zoom struggles to handle cybersecurity issues
One major concern is a kind of online harassment called “Zoombombing,” in which hackers hijack calls to post hate speech and display pornography. Zoombombers have disrupted everything from an Alcoholics Anonymous meeting in New York to online classes at the University of Southern California. NPR recently reported on a Ph.D. student whose virtual thesis defence was hijacked by Zoombombers.
The same vulnerabilities that allow Zoombombers to harass Zoom users may also allow hackers to spy on conversations and steal user information.
The concerns around these attacks have grown so severe that the FBI released a statement about the trend to advise users of the best security practices to use when working with Zoom. The statement also included a link where Zoom users could report instances of teleconference hijacking.
Other problems exist, too, beyond Zoom cybersecurity concerns. The website Motherboard recently found that Zoom was sharing analytics data about its users with Facebook — including information about people who don’t have Facebook accounts.
A spokesperson for Zoom confirmed the company is aware of the current issues and is working to address them. In a blog post from early April, Zoom CEO, Eric Yuan also said the company was enacting a “feature freeze” and shifting all engineering resources to focus on privacy and security issues.
Companies, governments begin to drop Zoom
However, many believe the company hasn’t gone far enough or moved quickly enough with handling these concerns.
Major organisations, fearing potential security risks, have gone so far as to ban employee use of the app outright. Elon Musk’s SpaceX recently requested that employees stop using the app for videoconferencing. Google has also given its employees the same order. On 8 April, Taiwan barred all use of official Zoom, becoming one of the first governments to do so. The German government introduced similar measures on the same day.
This isn’t the first time this remote work video chat platform has come under fire for its security and privacy practices. Last year, a researcher found a security flaw in the app that could allow hackers to gain control of Mac cameras. However, the company has never experienced such intense scrutiny before — and this is the first time we’ve seen businesses and governments ban its use.
Zoom’s shares collapsed in early April, wiping out most of the company’s gains since the beginning of the coronavirus pandemic. By 10 April, the brand’s share value slowly began recouping some of those losses.
How COVID-19 is exposing cybersecurity flaws
Zoom isn’t the only company struggling under the increased scrutiny and pressure of the current crisis. The outbreak has prompted a surge of new scams, hacking attempts and misinformation many companies are finding difficult to handle.
A UK-based domain name registrar shut down more than 600 domain names in an attempt to combat scammers trying to take advantage of the crisis to sell fake vaccines, protective equipment and fraudulent remedies.
Popular messaging platform WhatsApp has limited users’ ability to forward highly-popular messages in an attempt to cut down on the amount of coronavirus misinformation spreading throughout the platform. In the past, WhatsApp has come under fire for hosting misinformation. This is the first time, however, that the platform has taken major steps to combat the issue.
Hackers, looking to take advantage of the number of people working from home, are generally stepping up their operations. Cybersecurity researchers have reported a drastic uptick in the amount of scam emails sent over the past few weeks.
Zoom continues failing to meet the mark on cybersecurity, privacy
While Zoom has pledged to resolve the security issues, many major companies are already abandoning ship. The current crisis may provide an opportunity for other videoconferencing platforms — like Google Meet or Microsoft Chat — to swoop in and secure some of Zoom’s massive audience.
However, there’s no guarantee that a new remote work video chat platform wouldn’t also struggle with similar cybersecurity and privacy issues.
Kayla Matthews is a cybersecurity journalist and technology writer whose work has been featured on the National Cyber Security Alliance, Computerworld, Information Age and Digital Trends, among other publications. To read more from Kayla, please visit her blog at productivitybytes.com.