Vulnerabilities Exposed, Enterprise Bans, Emergency Statements: What Has Zoom Experienced in the Past Week?

Zoom, which has performed very well due to the epidemic, has recently run into trouble.
Due to frequent privacy and security incidents, Zoom has triggered a crisis of trust across the entire network and has even been accused of being "rogue software."
Recently, Zoom was even officially banned by SpaceX, NASA and other organizations. In response, Zoom issued an emergency statement on its official blog addressing the series of events.
Zoom: It’s too difficult. The number of users has increased 20 times in four months.
In March, daily visits to the Zoom.us download page grew 535%, according to analytics firm SimilarWeb.
Although Zoom did not disclose the specific number of users, it stated on its Weibo that the number of daily conference participants was only 10 million in December last year but reached 200 million by March this year.

As the number of users grows, Zoom is also facing pressure from all sides, with companies constantly questioning the security of Zoom.
A tough week for Zoom
Since March 26, there have been voices on the Internet questioning the security of Zoom. In just this short week, Zoom has been under pressure from the media, businesses, and users.
March 26 (Thursday): Sharing user data privately
On March 26, Vice's Motherboard channel reported that when iOS users install and enable Zoom, the program will privately share data through Facebook's Graph API.
The information includes: usage time, device model, time zone, telecommunications service provider, and advertising type.
Even if some users do not have a Facebook account, Zoom will still share their data.

Although Zoom has clearly stated that it does not and will not sell data, this confirmed behavior shows that Zoom has failed to effectively protect user information on its platform.
Zoom responded on March 28 by removing the relevant code.
March 28 (Saturday): Major companies have banned Zoom
On March 28, SpaceX sent a notice to employees:
"We know that many employees are using Zoom for meetings, and we ask that you use email, text messages, and phone calls instead of Zoom."
On the same day, NASA also told the media that it had issued a notice prohibiting employees from using Zoom.
The FBI even issued a warning about using Zoom, saying it had received multiple reports of illegal intrusions into meetings, and reminded users not to hold public meetings on the site or widely share links.

March 30 (Monday): Frequent security vulnerabilities
Last week, a team of security professionals including Trent Lo developed a program called zWarDial that can automatically guess 9- to 11-digit Zoom meeting IDs and collect information about those meetings.

A news report on March 30 indicated that hackers could take over Zoom users' Macs through a new vulnerability, including eavesdropping on webcams and hacking into microphones. As a result, pornographic, violent, and racist content appeared in meetings.
Security expert Brian Krebs said in a report on April 2 that an automated "War Dialing" tool developed by researchers can find information on nearly 2,400 Zoom meetings per hour.
This includes the link required to join each meeting, the date and time of the meeting, the name of the meeting organizer, and any information provided by the organizer about the meeting topic.
March 31 (Tuesday): False advertising of end-to-end encryption
Another point that dissatisfied many netizens was that Zoom had falsely claimed to have implemented end-to-end encryption for conference videos. This private Internet communication method can effectively protect communication content from being obtained by third parties.

On March 31, The Intercept reported that Zoom only enabled end-to-end encryption for some text messages and some modes of audio, but did not use this encryption method for many video and phone communications.
The report also stated that Zoom's video conferencing service is leaking a large amount of users' email addresses, photos and other information, and strangers can call users through the leaked information.
Zoom later acknowledged the situation in a blog post, saying the platform was not yet able to achieve end-to-end encryption everywhere, and apologized for its previous inaccurate description.

April 1 (Wednesday): Zoom announces it will do its best to resolve the issues
Although Zoom is doing its best to respond to the series of security and privacy incidents and has solved some of the problems, the speed of resolution is obviously not keeping up with the frequency of discovery.
In a blog post on April 1, Zoom apologized for what had happened recently and announced that it would stop developing all new features and shift all engineering resources to security issues that had occurred in recent weeks.

In addition to devoting all resources, Zoom said it will launch a "bug bounty" program to encourage everyone to find vulnerabilities. In addition, it will "conduct a comprehensive review with third-party experts" to ensure that the program can be used safely by users.

During the epidemic, all walks of life are facing unprecedented severe tests.
Compared with other industries that have shrunk sharply due to the epidemic, Zoom's key position in the enterprise service field has made it shine.
From December last year to early January this year, Zoom's stock price remained at US$60-70, and its high point since March reached US$160.
After a series of product security issues broke out, the stock price recently fell back to $120.
It can be seen that market expectations will not favor Zoom's dominant position, and users will not give up their pursuit of security just because the product is easy to use.
Security has once again proven to be a vital element of enterprise services.