Zoom sued over privacy and security flaws

0
0
exc-5e8e6dfb34078624feeb37df


Zoom CEO Eric Yuan attends the opening bell at Nasdaq as his company holds its IPO in New York. Millions of people are now working from home as part of the intensifying fight against the coronavirus outbreak. They are being sued for the lack of security on the video calling service, according to Bloomberg.  Photo by Mark Lennihan, File/AP

Zoom CEO Eric Yuan attends the opening bell at Nasdaq as his company holds its IPO in New York. Millions of people are now working from home as part of the intensifying fight against the coronavirus outbreak. They are being sued for the lack of security on the video calling service, according to Bloomberg. Photo by Mark Lennihan, File/AP

As more and more companies, organizations and classes turn virtual and rely on Zoom to communicate, one shareholder sued the company to bring to light privacy and security concerns.

According to a Bloomberg report, stakeholder Michael Drieu filed the lawsuit in San Francisco claiming that CEO Eric Yuan and other top executives deliberately withheld information about imperfections in the security software for Zoom, making it easier for hackers to gain access to their system.

Yuan released a blog post Wednesday attempting to reassure customers that Zoom is a trustworthy organization.

>
All of my classes use WebEx. This just adds another reason to stick with WebEx in the future.
— Rike Tyles

“Zoom has seen tremendous growth and new use cases emerge over the past few weeks, and we are committed to ensuring that the safety, privacy and security of our platform is worthy of the trust of all of our users,” Yuan said in the post.

Drieu claims that Zoom failed to disclose when calls were not “end-to-end encrypted” and that user information was unknowingly sent to third-party organizations like Facebook, without user authorization.

“All of my classes use WebEx,” sixth-semester allied health science major Rike Tyles said.  “This just adds another reason to stick with WebEx in the future.”

The lawsuit comes after the University of Toronto’s Citizens Lab released a report on April 3 discovering that Zoom misrepresents which encryption key is used in meetings.

“Zoom documentation claims that the app uses ‘AES-256’ encryption for meetings where possible,” the report said. “However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.”

Yuan posted a blog response to the report the same day.

“We’ve taken steps to address two primary topics — geo-fencing and meeting encryption,” the post said. “… And continue to work actively to address issues as we identify them. As video communications become more mainstream, users deserve to better understand how all these services work, including how the industry — Zoom and its peers — manages operations and provides services in China and around the world.”

According to the Bloomberg article, the Taiwanese government, the New York City Department of Education, Tesla and SpaceX have all banned the use of Zoom in their organizations.

There have been reports, according to Bloomberg, of hackers gaining access to private Zoom meetings and then recording them, posting them on public internet services without the consent of the meeting host or participants. The phenomenon has been dubbed “Zoombombing.”

According to CNBC, because of coronavirus, Zoom has seen more video conferences in 2020 so far than in all of 2019.

Related Content:

One credit COVID-19 class for UConn students

Full-Time Online: Students share their thoughts and experiences with online coursework


Luke Hajdasz is a staff writer for The Daily Campus. He can be reached via email at luke.hajdasz@uconn.edu.

Leave a Reply