Zoom privacy concerns in the spotlight

While many businesses are suffering during the global COVID-19 pandemic, one has benefitted immensely: Zoom. As countries across the world have implemented measures to confine people to their homes, the videoconferencing app has become a popular way for families, friends and colleagues to communicate. But as it is invited into more people's homes and used to facilitate high-profile government meetings, several privacy experts have raised concerns over the safety of the app.

Zoom has been a popular app for several years, offering more competitive pricing and faster and higher quality streams than several of its rivals, alongside ease of use and fun products like virtual backgrounds. It was launched in 2013 by Eric Yuan, a former lead engineer for the videoconferencing software WebEx, which was later sold to Cisco.

The coronavirus outbreak has graduated Zoom from a business platform to a consumer one. It is being used by schools to teach virtual lessons, by DJs to livestream sets, by doctors to conduct 'telehealth' consultations, and as a socialising tool for friends. Mobile app tracking firm Apptopia reports that the Zoom app was downloaded 2.4 million times on Wednesday (March 25)—up from 56,000 global downloads in January. Zoom’s shares are up more than 100% since the beginning of the year.

But its recent use within governments has brought safety concerns to the surface. The G20, a group of the top 20 most powerful world nations, recently held a 'summit' over Zoom to discuss tactics to tackle the spread of the novel coronavirus. 

After UK Prime Minister Boris Johnson shared a photo of the Zoom call, the UK's Ministry of Defence moved to clarify the government's stance on the app, telling the BBC that it found no reason not to use Zoom for conversations "below a certain classification", such as cross-government chats, but that it had never been used for high-security meetings.

In parallel to this, a Motherboard investigation found that the iOS version of the Zoom app was sending to Facebook information such as when a user opened the app, their timezone, city, and device details, without explicity asking users for consent to do so. One day after Motherboard published the results of its analysis, Zoom issued an update saying it had removed the Facebook code after it was "made aware that the Facebook SDK was collecting unnecessary device data".

Zoom has grappled with several security issues over the years. Last year, security researcher Jonathan Leitschuh uncovered a critical vulnerability that allowed attackers to gain access to users’ webcams on Macs with the Zoom client installed. Zoom fixed the vulnerability, but was criticised for taking several months to do so.

In January, Check Point published research highlighting the fact that hackers could use brute force attacks to guess Zoom Meeting IDs, which are made up nine, 10 or 11 digits, enabling them to listen in on meetings that were not password protected. Zoom has since put in place measures to address this.

(This article first appeared on CampaignAsia.com)