Zoom hires security chief as ire over its encryption climbs
The video communications app, used around the world amid the Covid-19 pandemic, has poor encryption leading to ‘zoom-bombing’
Bengaluru — Zoom Video Communications has tapped former Facebook security chief Alex Stamos as an adviser and set up an advisory board to improve the privacy and security of its rapidly growing video-conferencing app amid a global backlash.
The company is facing widespread criticism from users worried about the lack of end-to-end encryption of meeting sessions and “zoom-bombing”, where uninvited guests crash into meetings.
Taiwan and Germany have put restrictions on its use, while Elon Musk’s SpaceX has banned the app.
To address the concerns, Zoom has formed a CISO council, which includes chief information security officers of HSBC, NTT Data, Procore and Ellie Mae, to discuss privacy, security and technology issues.
It has also set up a board to advise CEO Eric Yuan on privacy issues. The initial members include security chiefs from VMware, Netflix, Uber and Electronic Arts.
One of the key moves was to hire Stamos, who handled the security of Facebook’s social media platform until his departure in 2018. He is currently an adjunct professor at Stanford’s Freeman Spogli Institute.
The German foreign ministry said in an internal memo to employees that security and data protection weaknesses made it too risky to use, newspaper Handelsblatt reported on Wednesday.
The memo added that as the system is in widespread use among the ministry’s international partners, it is impossible to ban its use entirely and that in crises employees could use it on private machines for professional purposes.
“Based on media reports and our own findings we have concluded that Zoom’s software has critical weaknesses and serious security and data protection problems,” read the memo cited by Handelsblatt.
A government source confirmed the authenticity of the memo but clarified that there is no restriction on using the desktop version of Zoom via a fixed-line connection, though confidential conversations should not be held as the application lacks end-to-end encryption.
Zoom’s daily users have exploded as the coronavirus pandemic has spread around the world, forcing millions of people to work from home, while schools have switched to its app to hold classes online.
Taiwan’s cabinet has told government agencies to stop using Zoom’s conferencing app and other countries are considering a similar move, sources say.
On Tuesday, Zoom was sued by one of its shareholders, who accused the video-conferencing app of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.
Shareholder Michael Drieu claimed in a court filing that a string of recent media reports highlighting the privacy flaws in Zoom’s application had led to the company’s stock plummeting. Last week, Yuan apologised to users, saying the company had fallen short of the community’s privacy and security expectations, and was taking steps to fix the issues.