Security experts call Zoom a 'privacy disaster'

(Image credit: Pixabay)

Many people are finding out what it is like to work from home because of the Covid-19 outbreak, which in turn has led to a surge in the use of video conferencing software. Zoom in particular has seen a massive uptick in usage. While that's a good thing for Zoom, it has also raised concerns about the platform's privacy and security.

Just how popular is Zoom these days? As spotted by The Guardian, daily traffic to the Zoom.us download page experienced a 535 percent surge in daily traffic over the past month, according to data from web analytics firm SimilarWeb. And according to SensorTower, Zoom's iPhone app has been downloaded more than any other app in the US for the past several weeks.

This sudden rise has put Zoom under scrutiny, both by security researchers and New York Attorney General Letitia James. The New York Times reports that James recently sent a letter to Zoom asking what security measures it put in place to deal with the increased traffic. The letter also raised some security concerns, saying Zoom has been slow to address vulnerabilities "that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams."

Zoom responded in a statement, saying it "takes its users' privacy, security, and trust extremely seriously."

"During the Covid-19 pandemic, we are working around the clock to ensure that hospitals, universities, schools and other businesses across the world can stay connected and operational," Zoom added.

Some see Zoom's statement as little more than lip service. Earlier this week, the FBI issued a warning over the practice of "Zoom-bombing," which is the practice of hacking video conferencing software and sessions. Part of the issue is that Zoom's short number-based URLs can be guessed by hackers.

"The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language," the FBI said in a statement to CBS Boston.

Security researchers have also been critical of Zoom on Twitter. Arvind Narayanan, a Princeton University professor and security expert, called Zoom a "privacy disaster." David Heinemeir Hansson, creator of Ruby on Rails and founder of Basecamp, had even harsher words for Zoom.

"What pains me about Zoom being such sleazeballs when it comes to both security and privacy is just how unnecessary it is. They have good fundamental tech! But as the skeletons keep falling out of the closet, it’s clear that the organization is fundamentally corrupt," Hansson said.

Hansson's Twitter feed links to several articles that put Zoom in an unflattering light, including one that claims Zoom deceives people into thinking it has end-to-end encryption when it doesn't.

Zoom has also faced criticism over its Mac installer, which a security researchers called out for bypassing Apple's OS restrictions by using "the same tricks that are being used by macOS malware." To Zoom's credit, Zoom was quick to respond with a fix.

My advice? Do your research on whatever video conferencing software you plan to use, and stay diligent.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).