Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Concerns

Zoom has reached an agreement with the New York Attorney General’s office and has committed to implementing better privacy and security measures for its teleconferencing platform. New York Attorney General Letitia James investigated Zoom after analysts found a variety of privacy and security problems with the platform this year.

Zoom has proven to be one of the most widely used teleconferencing platforms during the COVID-19 outbreak. In March, around 200 million people were joining Zoom meetings, with usership rising by 2,000% in the space of just 3 months. As more people used Zoom more regularly, flaws in the platform started to surface.

Meeting participants started to report instances of uninvited people joining and disrupting private meetings. In a number of these “Zoombombing” attacks, meeting attendees were racially abused and harassed because of their religion and gender. There were also many recorded incidents of uninvited people joining meetings and displaying pornographic images.

Security analysts then started finding privacy and security problems with the platform. Zoom stated on its website that Zoom meetings were secured with end-to-end encryption; however, it was found that Zoom had used AES 128-bit encryption rather than AES 256-bit encryption, and therefore its end-to-end encryption claim was incorrect. Zoom was also found to have sent encryption keys to data centers in China, even though the meetings were taking place between participants in the U.S.

Zoom used Facebook’s SDK for iOS to let users of the iOS mobile app log in through Facebook, which meant that Facebook received technical details about users’ devices every time they opened the Zoom app. While Zoom did state in its privacy policy that third-party programs may obtain data about users, details were found to have been transmitted to Facebook even when users had not used the Facebook login with the app. There were also privacy concerns associated with the LinkedIn Sales Navigator feature, which allowed meeting participants to view the LinkedIn details of other meeting participants, even when those participants had taken steps to remain anonymous by using pseudonyms. The Company Directory feature of the platform was found to violate the privacy of many users by leaking personal data to other users if they shared the same email domain.

Zoom responded promptly to the privacy and security concerns and resolved most of them within several days of discovery. The company also announced that it was halting all development work to focus on privacy and security. It has also established a CISO Council and Advisory Board to concentrate on privacy and security, and Zoom recently announced that it has acquired the start-up Keybase, which will help to implement end-to-end encryption for Zoom meetings.

Under the terms of the agreement with the New York Attorney General’s office, Zoom agreed to implement a comprehensive information security program to ensure that its users are protected. The program will be overseen by Zoom’s chief of security. The company has also agreed to perform a detailed security risk analysis and code review and will address all identified security problems with the platform. Privacy controls will also be implemented to protect free accounts, including those available to schools.

Under the terms of the settlement, Zoom needs to continue to review privacy and security and implement additional protections to give its users more control over their privacy. Measures should also be taken to manage vulgar activity on the platform.