Zoom Still Addressing Security, Privacy Concerns

Governments, Organizations Rethink Use of Teleconference Platform • April 10, 2020.

Zoom Still Addressing Security, Privacy Concerns

As governments and organizations around the globe rethink their use of the Zoom teleconference platform as a result of ongoing privacy and security concerns, the company is making more system changes and has formed a CISO advisory board.

See Also: Webinar | Can Medium-Sized Companies Automate Access to Critical Multi-Cloud IT Environments?

On Thursday, the U.S. Senate sergeant-at-arms sent an advisory to senators and their staff raising concerns about Zoom’s security, The Financial Times reports. And while the advisory did not recommend a total ban on Zoom, the sergeant-at-arms encouraged staffers to look at other platforms, such as Skype for Business, CNN reports.

Meanwhile, Germany’s government advised its employees to stop using Zoom because of security concerns, according to the news agency Handelsblatt. And several companies, including Google and SpaceX, have either stopped using Zoom or have asked employees to limit use, according to CNET.

The COVID-19 pandemic has forced millions worldwide to work at home, which has led to a spike in the use of such collaboration platforms as Zoom, WebEx, Skype and Microsoft Teams, according to the Wall Street Journal.

Cutting Down on ‘Zoom-Bombing’

Zoom is trying to make technical fixes to its platform to cut down on so-called Zoom bombing, where an intruder interrupts a video conference (see: The Cybersecurity Follies: Zoom Edition).

This week, Zoom updated its client platform to remove the video conference meeting identification number from the title bar, according to a company blog post. When screenshots of meetings appeared online, pranksters and others could use those numbers to interrupt or eavesdrop on meetings.

In a screenshot of U.K. Prime Minister Boris Johnson holding a Cabinet meeting earlier this month, the meeting ID number could be clearly seen in the upper left-hand corner.

A U.K. video cabinet meeting screenshot exposed the Zoom meeting ID number.

The removal of the number from the title bar should improve the platform’s security, according to Zoom. “The title will simply be ‘Zoom’ for all meetings, preventing others from seeing active meeting IDs when, for instance, Zoom screenshots are posted publicly,” according to the blog post.

Earlier, Zoom CEO Eric Yuan noted that the company is addressing other privacy and security concerns by implementing geo-fencing and meeting encryption (see: Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings).

But other security issues continue to arise. On Friday, for example, security firm Intsights said it had discovered an underground forum where cybercriminals were looking to rent or share a database that contained over 2,300 Zoom usernames and passwords. It’s not clear whether the data came from a breach of Zoom or a third party, Intsights says.

Advisory Board

In addition to updates to its platform, Zoom has created a CISO advisory board to help it address security issues. Initial members include security leaders from VMware, Netflix, Uber and Electronic Arts, according Yaun’s latest blog post.

In a separate move, Alex Stamos, the former CISO of Facebook and currently an adjunct professor at Stanford University, will serve as an outside adviser to Zoom.Alex Stamos@alexstamos

Some personal news…

After tweeting about Zoom last week I got a call from the CEO, @ericsyuan, and we had a great chat. Happy to say that I’ll be helping Zoom out as they build up their security program.https://medium.com/@alexstamos/working-on-security-and-safety-with-zoom-2f61f197cb34 …Working on Security and Safety with ZoomLast week, after I posted a series of tweets discussing the security challenges for Zoom and how they could respond, I got a phone call…medium.com4,250Twitter Ads info and privacy687 people are talking about this

In a post on Medium, Stamos says he’ll work with the company to improve its platform’s security as well as increase the use of encryption to protect user data.

“Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects,” Stamos says

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: