Zoom: Every security issue uncovered in the video chat app
With the novel coronavirus causing a surge in work-from-home activity, Zoom has quickly become the video meeting app of choice: Daily meeting participants on the platform surged from 10 million in December to 200 million in March.
And with that popularity comes its privacy risks extending to a greater number of people. From built-in attention-tracking features to recent upticks in "Zoombombing" (where uninvited attendees break into and disrupt meetings), Zoom's security practices have been drawing more attention -- along with three lawsuits against the company.
Here's everything we know about the Zoom saga, and when it happened. If you aren't familiar with Zoom's security issues, you can start from the bottom and work your way up to the most recent information. We'll continue updating this story as more issues and fixes come to light.
April 6
Some school districts ban Zoom
School districts began banning teachers from using Zoom to teach remotely in the midst of the coronavirus outbreak, citing security and privacy issues surrounding the videoconferencing app. New York's Department of Education urged schools to switch to Microsoft Teams "as soon as possible," Chalkbeat reported.
Zoom accounts found on the dark web
Cybersecurity firm Sixgill revealed that it discovered an actor in a popular dark web forum had posted a link to a collection of 352 compromised Zoom accounts. Sixgill told Yahoo Finance that these links included email addresses, passwords, meeting IDs, host keys and names, and the type of Zoom account. Most were personal, but not all.
"One belonged to a major US healthcare provider, seven more to various educational institutions, and one to a small business," Sixgill told Yahoo Finance.
Zoom seeks to grow its lobbying presence in Washington
Zoom's response to security concerns pivoted to Washington, DC. The company told Politico it was looking to grow its lobbying presence in Washington, and had hired Bruce Mehlman, a former assistant secretary of commerce for technology policy under President George W. Bush.
Urging an FTC investigation
In an open letter, the Electronic Privacy Information Center urged the Federal Trade Commission to investigate Zoom and issue privacy guidelines for videoconferencing platforms.
Sen. Richard Blumenthal, a Connecticut Democrat more recently known for spearheading legislation that critics say could cripple modern encryption standards, called on the FTC to investigate Zoom over what he described as "a pattern of security failures and privacy infringements."
Senator Blumenthal calls for an FTC investigation into Zoom over recent privacy and security issues pic.twitter.com/xuayLVMja2
— Joseph Cox (@josephfcox) April 7, 2020
Third class action lawsuit filed
A third class action lawsuit was filed against Zoom in California, citing the three most significant security issues raised by researchers: Facebook data-sharing, the company's admittedly incomplete end-to-end encryption, and the vulnerability which allows malicious actors to access users' webcams.
A third class-action lawsuit has been filed against @zoom_us over...
— Jonathan Dame
1) Facebook data-sharing issue uncovered by @josephfcox @motherboard
2) "End-to-end encryption" advertising issue raised by @yaelwrites @micahflee @theintercept
3) Alleged webcam vulnerability
You should read it
- Qualcomm released three new Snapdragon processors for mid-range phones
- Medical discovery: 'Drinking clean water increases the risk of asthma'
- Standing up for a job plaque, the homeless guy received an invitation from Google and hundreds of other companies
- How to create effects for photos on PowerPoint
- Google tested the domain registration service
- Simple ways to speed up your Mac
- Document Object Model (DOM) in JavaScript
- How to add 'Open PowerShell window here as administrator' to the right-click menu on Windows 10
- Good poems about IT people
- Top 10 good ganking teams in the arena of Truth 2 season
- Melted crayons can write on every surface of Crayola: new parents nightmare?
- Google Authenticator for Android supports moving accounts when exchanging new devices
Maybe you are interested
Enable or disable Secure Boot via the ASUS UEFI BIOS utility How to temporarily lock the computer when entering the wrong password many times How to Add a Password to a .Bat File How to use ASCII characters to create strong passwords How to prevent DDoS attack with Nginx Techniques to exploit buffer overflows: Organize memory, stack, call functions, shellcode