news

CEO Addresses Zoom Security Issues, Critics ‘Don’t Need Apologies’

Cybersecurity

Zoom security issues have prompted company CEO Eric Yuan to speak out on the barrage of complaints that have arisen since use of its platform has exploded amid the COVID-19 pandemic.

This week, the FBI issued a warning that video teleconferencing (VTC) hijacking, also called “Zoom-bombing,” is emerging nationwide. The New York Attorney General’s office sent a letter to Zoom with a number of questions regarding users’ privacy and security, and there’s a class-action lawsuit in California alleging Zoom is giving users’ personal data without their consent to outside companies such as Facebook.

Thousands of enterprises globally have conducted security reviews of Zoom and “confidently selected” it for complete deployment, Yuan said.

Zoom was not built knowing “every person in the world would suddenly be working, studying and socializing from home,” he said.

Zoom's Eric Yuan

Zoom’s Eric Yuan

“We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” Yuan said. “These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones.”

Zoom is looking into every question and addressing them “as expeditiously as we can,” he said.

“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address and fix issues proactively,” Yuan said. “We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”

In an April 1 blog, Zoom apologized for incorrectly suggesting that its meetings were capable of using end-to-end encryption.

Zoom security issues have prompted Fight for the Future to launch a new campaign calling for the company to implement default end-to-end encryption on all video, audio and chat content.

“We don’t need Zoom’s apologies,” said Evan Greer, the organization’s deputy director. “We need them to actually implement the type of security measures needed to keep people safe. Zoom implementing end-to-end encryption by default is perhaps the single biggest thing that any company could do right now to protect people’s online safety during the COVID-19 crisis.”

Some competitors say they’re gaining market share from Zoom security issues. Lifesize said its daily new user registrations month-to-date increased more than 5,000% compared to prior months. Also, call volume grew by more than 500%.

Michael Helmbrecht, LIfesize’s COO, said dating back to last year, his company has had many organizations inquiring about an alternative to Zoom that “takes their security and privacy more seriously.”

“We design and develop for enterprise privacy and security in everything we do – it is essential to our engineering culture,” he said. “And we are transparent about what we do to protect that privacy and security. We don’t use customer data for our financial gain or that of third parties. We don’t take shortcuts or knowingly create security vulnerabilities by working around operating system safeguards. We believe that ease of use and security should go hand-in-hand; one should not be sacrificed for the other.”

In addition, LogMeIn said it provides enterprise-grade security for Zoom users. Its integration allows provisioning for Zoom users, and its identity-as-a-service (IDaaS) platform streamlines identity and access management for Zoom, and all cloud and on-premises applications.

In addition, LogMeIn offers enterprise-grade identity management features for Zoom.


Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 135070