While Zoom Video Communications is trying to change the public’s rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning ship.
Working on the security and privacy issues
The company initially concentrated their efforts on breaking into the enterprise market and, I believe, Zoom’s recent popularity explosion took even them by surprise.
While they are trying to quickly scale their offering to meet the rising demand, the fact that they’ve concentrated their efforts on usability and made unsavoury trade-offs that affect the product’s security and users’ privacy is coming back to bite them.
To their credit, the company and its CEO threw themselves into full and meaningful crisis management, announcing a temporary moratorium on new features and a shift of all their engineering resources to focus on trust, safety, and privacy issues.
They also quickly fixed most of the issues discovered by users and security researchers and exploited by attackers, announced concrete measures, added more to the list, and continue to add more still.
For example, they say that they are working on implementing more privacy-friendly encryption and that, later this week, every paid Zoom customer will have the option to opt in or out of a specific data center region (except the default), in order to prevent the unneeded (and questionable) routing of their meeting traffic through servers in China.
The company is also working with Luta Security, a consultancy founded and headed by vulnerability disclosure / bug bounty program pioneer Katie Moussouris, on reexamining their bug bounty program.
Some users are done with Zoom
In the meantime, several governments and prominent companies (Tesla, Google) have prohibited staff and employees from using Zoom for work.
According to Blind, which polled 4,392 professionals from various big US companies, 12% of professionals have completely stopped using Zoom due to security issues, and 9% are using Zoom less.
Another thing that can end up pushing some consumers off the Zoom wagon is the fact that criminals are actively phishing for Zoom user credentials and compromising them via credential stuffing attacks, then selling the accounts on hacker forums.
Finally, the fact that Zoom now presents a big target for hackers who are aiming to sell bugs they discover to the highest bidder might cool many a user’s love for the popular video conferencing solution.