Zoom saw massive growth in early March due to the coronavirus. It went from hosting 10 million meeting participants per day at the end of last year to more than 200 million meeting participants per day in March of this year. The influx naturally attracted bad actors who took advantage of Zoom’s security flaws, resulting in “bombings,” and other security and privacy issues came to light once researchers finally began to pay attention.
Last week I wrote an analyst recommendation regarding Zoom, and I believe certain types of organizations should not use Zoom until the company completes its 90-day security and privacy investigations and special repairs. Many schools have already switched to other services based on this perceived risk, which was partly driven by a surprising FBI warning regarding “classrooms.”
Zoom’s security and privacy issues did not start this year
Zoom’s security issues didn’t start with “bombings”; its security problems go back to at least March of last year, 2019. In CEO Eric Yuan’s apology blog, he said: “Thousands of companies around the world have conducted comprehensive security reviews of our user, network, and data center layers and confidently selected Zoom for full deployment.” While many companies have chosen Zoom, Zoom is no stranger to security issues; rather, I would say they ignored security problems.
According to security researcher Jonathan Leitschuh, Zoom had a zero-day security bug early last March, which was not addressed until July. In the six podcasts, Daniel Newman at Futurum Research and I discussed this security flaw and how Zoom’s initial response was weak.
The security flaw involved websites being able to forcibly open a Zoom call on a Mac and operate a user’s webcam. Zoom waited until Apple stepped in to fix the issue and the security issue was revealed as a zero day. In Yuan’s first reaction in 2019, the vulnerability was considered low risk, only for the company to say later that it had not acted fast enough and that the security risks were misjudged.
I think Zoom’s handling of security risks is quite similar to the way Facebook handled its user data in the Cambridge Analytica incident. Between 2008 and 2015, Facebook allowed apps to collect user data from the people who used these apps and from their friends, which violated the users’ terms. Cambridge Analytica was one of the companies that took advantage of the data.
Facebook learned of the breach and signed an agreement with Cambridge Analytica to delete the user data, but Cambridge Analytica continued to use it while Facebook looked the other way. Facebook did not respond until it was revealed 3 years after it was linked to the 2016 elections. Mark Zuckerberg responded by offering the same promise he made 8 years ago, which is to add privacy controls that are easier for users. Facebook responded to the problem too late, and waited until it blew up to fix it.
Zoom and Facebook knew that they were moving very fast
When Facebook made this promise in 2010, Mark Zuckerberg said in The Washington Post, “Sometimes we move quickly.” This was in response to Facebook advertisers gaining access to user information through the use of a privacy vulnerability. In an interview with CNN about Zoom’s privacy concerns, Eric Yuan says the same thing: “We were moving very fast.” It is true that Yuan says this in the context of the coronavirus. This does not change the fact that both Yuan and Zuckerberg were talking about privacy issues with their services.
Zoom allows users to log in with Facebook as a convenient way to access the platform; however, it violated user privacy by sending user information to the Facebook SDK. Zoom had the right idea, but it was moving really fast and it cost users their privacy.
Likewise, user data was sent to a data mining tool so that users could view others’ LinkedIn accounts without their consent. Zoom has removed the feature, but we must remember that it was an advantage. Zoom had the right idea in connecting enterprise users, but it was moving very fast and, once again, it cost users their privacy. I think Zoom should contact the customers whose personal data was shared with Facebook and LinkedIn without their knowledge.
As with Facebook, we hope Zoom’s intentions are to improve its services, but again, there is a lot of money involved in personal data, which may be very attractive.