Zoom agrees security improvements after FTC investigation

News Broadband United States 10 NOV 2020
Zoom agrees security improvements after FTC investigation

Zoom Video Communications has agreed to tighten the security of its videoconferencing services after the FTC found the company had misled users about the extent of its protection of personal data. The company agreed to conduct an annual security assessment, implement a vulnerability management program and deploy safeguards such as multi-factor authentication, data deletion controls and blocking compromised user credentials.

In addition, Zoom personnel will be required to review any software updates for security flaws and must ensure the updates will not hamper third-party security features. It will be subject to biennial reviews by an independent auditor to ensure it meets the tenets of the agreement, and the company must notify the Commission if it experiences a data breach.

The FTC investigation was started this spring after the exponential rise in Zoom users when the coronavirus pandemic started. The company grew from 10 million daily users in December 2019 to 300 million in April. 

Zoom acknowledged the security shortcomings itself already earlier this year, starting a major review of its operations in April. At the prompting of the New York Attorney General, Zoom made several changes in its software to protect users better, and the company continues to enhance encryption and other security features. 

Zoom said in a statement that "the security of our users is a top priority" and it had already addressed the issues identified by the FTC. 

The FTC investigation found several shortcomings in Zoom's security protocols going back to 2016. Notably the company's repeated claim of end-to-end 256-bit encyrption was false, as Zoom still held keys to access customer meeting data and a lower level of security was used for securing Zoom Meetings. 

Furthermore, the company misled some customers about the immediate encryption of data stored in its cloud servers. In fact, some recordings remained unprotected on Zoom's servers for up to 60 days before being moved to the encrypted platform.

Another problem was an update of its software for Macs in July 2018 with the new feature ZoomOpener. This allowed the company to launch a meeting on the user's computer, bypassing malware protections in the Safari browser. The software remained on users’ computers even after they deleted the Zoom app, and would automatically reinstall the Zoom app, without any user action, in certain circumstances. The company did not adequately disclose the app's functions or that it would remain on the computer after deleting, the FTC found. 

Categories:

Internet

Companies:

Zoom Video Communications

Countries:

United States

Tags:

Security, Regulations, Videoconferencing

Related Articles

GLOBAL 18 JAN 2021

Zoom completes USD 2 billion secondary share offering

Zoom Video Communications has closed its secondary share offering, with gross proceeds rising to USD 2.0 billion instead of the expected 1.75 billion, minus deductions, commissions and expenses. The company sold a bit over 5.8 million shares for USD 340 per piece.

GLOBAL 13 JAN 2021

Zoom raises USD 1.75 billion in secondary share offering

Zoom Video Communications has priced an offering of over 5 million shares at USD 340 per unit. The offering is expected to generate USD 1.75 billion, before deductions, commissions and expenses. The shares was priced just above the company's last closing price before the offering was announced, of USD 337.71. The stock finished the day up 5.7 percent at USD 356.81.

GLOBAL 12 JAN 2021

Zoom starts USD 1.5 billion public offering

Zoom Video Communications said it has started a public offering of USD 1.5 billion worth of shares. The company expects to also grant a greenshoe of USD 225 million more shares. All of the shares in the proposed offering will be sold by Zoom.

SINGAPORE 16 DEC 2020

Zoom to expand presence in Singapore

Zoom Video Communications announced plans to double its data centre capacity in Singapore by opening a new Research and Development Center there. The company will hire hundreds of key engineers at its new facility and will also expand its co-located data centre in the country. This commitment represents a growing strategic investment in the country, where Zoom has already had a presence for two years.

GLOBAL 1 DEC 2020

Zoom extends contract with AWS for cloud services

Amazon Web Services (AWS) announced that Zoom Video Communications selected AWS as its preferred cloud provider. The multi-year agreement extends their longstanding relationship, enabling Zoom to scale its service on AWS's for its growing customer base.

GLOBAL 26 OCT 2020

Zoom starts testing end-to-end encryption for all users, paid or free

Zoom Video Communications said it has added end-to-end encryption (E2EE) for all users worldwide, free and paid, for meetings of up to 200 participants. The feature is available immediately as a technical preview, and the company said it will welcome user feedback over the next 30 days. 

GLOBAL 25 JUN 2020

Zoom hires Lee as Chief Information Security Officer

Zoom Video Communications named Jason Lee as its Chief Information Security Officer, effective  29 June. Lee brings 20 years of expertise in information security and operating mission critical services. He was most recently the SVP of Security Operations at Salesforce, and previously was Principal Director of Security Engineering at Microsoft. Lee will lead Zoom's security team and report to Aparna Bawa, Zoom's Chief Operating Officer.

GLOBAL 18 JUN 2020

Zoom extends encryption to free users

Zoom Video Communications announced it will offer free encryption to all its customers, not just paid subscribers. The decision is part of its 90-day review to improve security on the videoconferencing platform. 

UNITED STATES 8 MAY 2020

Zoom agrees security, privacy improvements after New York AG investigates

New York Attorney General Letitia James announced an agreement with Zoom Video Communications for the videoconferencing provider to adopt new security measures. James wrote to the company in March to express concerns about a lack of protection for the growing number of Zoom users and said she would investigate the company's security and privacy practices. Many of the agreed new measures are part of Zoom's earlier announced 90-day security plan, some of which has already been implemented. 

GLOBAL 22 APR 2020

Zoom update adds encryption, increased security controls

Zoom Video Communications has announced an update of its virtual meeting software, adding encryption and new security controls. The company said the roll-out of the Zoom 5.0 update is an important milestone in the 90-day plan it started to improve security on the platform. 

GLOBAL 9 APR 2020

Google bans Zoom software from employee devices

Zoom videoconferencing software has been banned from the devices of Google employees on security concerns, BuzzFeed News reported. Zoom's software, in competition with Google's own Meet app, has seen explosive growth since the start of the covid-19 pandemic but also growing concerns about its security. The company earlier hired a former Facebook security chief to help with its security review.

GERMANY 9 APR 2020

German Foreign Office bans use of Zoom on official service devices - report

The German Federal Foreign Office has banned the use of Zoom on devices used for official activities due to risks associated with the IT system, Handelsblatt reports citing a letter sent to employees of the foreign service. In the letter, the Foreign Office cites media reports saying that  Zoom has critical vulnerabilities and continues to have significant security and data protection problems. 

TAIWAN 9 APR 2020

Taiwan bans use of Zoom platform by state agencies, schools amid security concerns

Taiwan's government has informed schools nationwide that Zoom is banned for distance learning, and suggested the use of software such as CyberLink U Meeting, Microsoft Teams, Cisco WebEx, Adobe Connect, or Google Hangouts Meet instead, Taipei Times reports. Zoom CEO Eric Yuan recently reminded Taiwanese central government agencies, state-run companies and the nation's science parks not to use visual conferencing software products that could compromise the nation's information security. The company executive

GLOBAL 8 APR 2020

Zoom hires former Facebook security chief to help with security review

Zoom Video Communications announced it has hired Alex Stamos as an outside advisor to help in its planned security review. He was previously Facebook's Chief Security Officer, until leaving the company in 2018 to become a researcher at Stanford university. Zoom also formed an advisory council with other security specialists.

GLOBAL 2 APR 2020

Zoom promises full security review as users pass 200 mln per day

Zoom Video Communications announced it has seen a 20-fold increase in daily users on its messaging and conferencing platform. In March, the company passed 200 million daily meeting participants, both free and paid, compared to 10 million in December last year. The increased usage has raised concerns about security and privacy on Zoom, and CEO Eric Yuan issued an apology to customers, saying the company would focus more on addressing the concerns.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.