Zoom is sorry about its many privacy and security issues, here’s everything it’s doing to fix them

No one really knows how Zoom became an overnight success story — even CEO Eric S Yuan is at a loss for words while talking about it.

Zoom is set to upgrade its encryption to standard AES 256-bit GCM. (Photo credit: Reuters)

These are unprecedented times, and we’re all in this together. In these challenging times, there are certain things that seem to be uniting the whole world by a common thread. One such thing is video chatting and one such thread is Zoom. If you’re someone ‘fortunate’ enough to be digitally connected with the rest of the world, while staying (and working) at home in the wake of the novel coronavirus outbreak, there’s a high probability that you’ve heard about Zoom. There’s a high probability that you’d be using it too.

No one really knows how Zoom became an overnight success story — even CEO Eric S Yuan is at a loss for words while talking about it. The video conferencing app has shot up from an average of 10 million daily users to a ‘whopping’ 200 million daily users in just three months. But, with overnight success also came ‘intense’ scrutiny. Concerns. Issues. That of privacy and security.

With great power comes great responsibility

Zoom could well be one of the few tech companies in the world right now to acknowledge — even apologize for — its problems as quickly as it has. But more importantly, it’s one of the few companies to have come up with a plan, as quickly, to fix its many privacy and security issues. Zoom has put out a detailed blog post clearly highlighting the steps that it is taking to ensure the privacy and security of its users. One of the first ‘bold’ steps that it’s taking is to ‘freeze’ the development of any more features, for 90 days. Zoom will instead devote all its resources to securing its platform first.

“For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry,” Zoom CEO Eric S Yuan wrote in the blog post.

In addition to freezing the development of more features, Zoom will also conduct a comprehensive review of its platform with both third-party experts and users to better understand the challenges that have come up with its tremendous growth over the last few months. It will ‘enhance’ its bug bounty program to detect issues quickly. And it will host weekly webinars to provide privacy and security updates to its community.

What went wrong?

Zoom was built ‘primarily’ for enterprise customers, the sort of users with full IT support who presumably would have had exhaustive security reviews before choosing it, Yuan wrote. These customers would ideally have pointed out any issues with the platform, as and when they came up, and Zoom would ideally be expected to fix them. But Zoom did not know — or foresee — that “every person in the world would suddenly be working, studying, and socializing from home,” in a matter of weeks, and that they would all be using Zoom for video conferencing — the platform offers both free and paid services.

This sudden surge in usage has uncovered unforeseen issues with the platform, the company CEO wrote, while security researchers are helping it identify pre-existing ones.

One of these issues has a rather simple fix that involves the users themselves. Before Zoom came under scrutiny, it seems, not every user knew (or some knowingly ignored) that meetings could be password protected. Without password protection, there’s a high possibility that your Zoom meetings could be ‘Zoom bombed,’ meaning hackers could eavesdrop at any moment. While this is a serious privacy risk for anybody in general, it could be catastrophic for large companies dealing with sensitive data. According to security researcher Brian Krebs, hackers have already designed a program called zWarDial that can help speed up the process of ‘guessing’ Zoom meeting identification numbers and, in case these meetings aren’t password protected, of dropping in uninvited.

Apart from Zoom bombing, the platform was also until recently marred by an issue that allegedly put users’ LinkedIn profiles at risk of potential exposure even when they were using it anonymously. The issue has since been fixed.


First published on: 03-04-2020 at 19:01 IST