The Zoom controversy: Privacy flaws and data shared with third parties
Popular app has issues
Isabell Rivera OW Contributor | 5/14/2020, midnight
Eric Yuan, Zoom CEO, acknowledged the issue and apologized on a Zoom blog post.
“We recognize that we have fallen short of the community’s—and our own—privacy and security expectations,” Yuan said. “For that, I am deeply sorry.”
As “VICE Media” reported, Zoom has sold email addresses and private photos from thousands of users. The Zoom’s “Company Directory” settings, where the flaw is located, apparently systematically adds other individuals to a user’s list of contacts, if the email they signed up with has the same domain. This can be an easy tool if you work for a company and would like to search for a colleague. However, many individuals say they signed up to Zoom with personal email addresses and their information was exposed and shared with hundreds of unknown persons.
“If you subscribe to Zoom with a non-standard provider (I mean, not Gmail or Hotmail or Yahoo, etc), then you get insight to ALL subscribed users of that provider: their full names, their mail addresses, their profile picture (if they have any) and their status. And you can video call them,” said Barend Gehrels, A zoom user who voiced his concerns to the media.
However, the other person still has to accept the incoming video call.
Although Zoom has fixed major privacy issues, its security software still needs some help. According to “Wired,” hackers can easily target Zoom and get user’s information that will then be sold on the darknet.
Jonathan Leitschuh, a security researcher, told “Wired” that the effortless way of video chatting comes with easy access for hackers, especially for Apple users. Apparently, they could even get access to users’ webcams.
Hackers can easily set up malware via a call and lure users into joining the conference call and gain access to their video feed, as well as the user’s office or room, according to Leitschuh. Even the Federal Bureau of Investigation (FBI) issued a warning of so-called “Zoom-bombing,” which is when hackers take over a public video call. Some hackers have interrupted conference calls with threats and racist slurs. Victims should report any incidents of possible “video hijacking” to the FBI.
“We will enforce these settings in addition to training and blogs,” Yuan tweeted.
A spokesperson of Zoom stated, to be “deeply upset to hear about the incidents involving this type of attack.” The company advised that users host large video call meetings, should enable additional privacy settings and only the host should share their screen.
The spokesperson then continued with, “We also recently updated the default screen sharing settings for our education users so teachers, by default, are the only ones who can share content in class.”