- Video-conferencing service Zoom faces multiple reported security issues as both usage and scrutiny increase.
- In the last 48 hours, reports surfaced that Zoom doesn't use end-to-end encryption for its video meetings and that it leaked thousands of email addresses to strangers.
- Compounding its security woes, the Windows version of Zoom is reportedly vulnerable to attackers who could send malicious links to users' chat interfaces and gain access to their email passwords.
- Visit Business Insider's homepage for more stories.
It looks like Zoom's security problems are snowballing.
According to a Tuesday article from Motherboard, the video-call service inadvertently exposed the personal email addresses and photos of thousands of people. Zoom's "Company Directory" feature automatically groups together users who share the same email domain; as such, it's meant to make it easier for work colleagues at individual companies to find each other.
But since at least mid-March, Twitter users have reported that, despite registering with Zoom using their personal email addresses, Zoom grouped them with thousands of others as if they all worked for the same company, thereby exposing their personal information to each other.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More After Motherboard raised concerns with Zoom, a Zoom spokesperson said it maintains a "blacklist" of domains and "regularly proactively identifies" domains to be added, adding that it has since blacklisted the specific domains highlighted by Motherboard.
Meanwhile, The Intercept also reported Tuesday that Zoom doesn't use end-to-end encryption on video meetings, despite using the term frequently in its marketing materials. End-to-end encryption would basically ensure neither external attackers nor Zoom itself could access the contents of a video meeting. Instead, it offers another form of encryption called "transport encryption." This scrambles the content for external attackers, theoretically, but not for Zoom itself.
Zoom told The Intercept in a statement that it does not directly access users' data.
Finally, cybersecurity researchers have found the Windows version of Zoom is vulnerable to attackers who could send malicious links to users' chat interfaces and gain access to their network credentials.
According to ZDNet, the flaw that enables this was first discovered and publicized on Twitter by a cybersecurity researcher going by the alias @_g0dmode. The flaw has since been illustrated and publicized further by another cybersecurity researcher, Matthew Hickey.
Zoom has not yet responded to news of the Windows flaw.
Zoom has witnessed a boom in popularity amid the coronavirus outbreak. In a note seen by CNBC, analysts at Bernstein said it's added 2.22 million monthly active users so far in 2020 - more than the 1.99 million it added in the whole of 2019.
But the increased popularity also means greater scrutiny.
Princeton computer science professor Arvind Narayanan criticized Zoom for possessing multiple security issues, describing its service as "malware" in a tweet Tuesday. "The problems aren't new but suddenly everyone is forced to use Zoom. That means more people discovering problems and also more frustration because opting out isn't an option," he added in a follow-up.
Other security researchers are more circumspect, stating that there should be "less hysteria" around the service. "Users sacrifice far more privacy using services like Facebook, WhatsApp, Gmail, Google Search, and even commercial operating systems, than they do by using Zoom," Charl van der Walt, head of research at Orange Cyberdefense, told Business Insider.
Zoom did not immediately respond to Business Insider's request for comment.
Do you have a personal experience with the coronavirus you'd like to share? Or a tip on how your town or community is handling the pandemic? Please email covidtips@businessinsider.com and tell us your story.
And get the latest coronavirus analysis and research from Business Insider Intelligence on how COVID-19 is impacting businesses.
Next Story
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
SC rejects pleas seeking cross-verification of votes cast using EVMs with VVPAT
Ultraviolette F77 Mach 2 electric sports bike launched in India starting at ₹2.99 lakh
Deloitte projects India's FY25 GDP growth at 6.6%
Italian PM Meloni invites PM Modi to G7 Summit Outreach Session in June
Markets rally for 6th day running on firm Asian peers; Tech Mahindra jumps over 12%
