US, WASHINGTON (ORDO NEWS) — The company Zoom Video Communications, which owns the video conferencing service of the same name, was accused by the shareholder of concealing defects in the security system of the Zoom service, Bloomberg reports.
In a complaint filed on Tuesday with the San Francisco Federal Court, the company and its senior officials were charged with concealing the truth about flaws in encrypting the application, including its alleged vulnerability to hackers, as well as unauthorized disclosure of personal information to third parties, including Facebook.
Investor Michael Drieu, who has filed a class action lawsuit, claims that a series of public disclosures about application flaws affected the value of Zoom shares, although the company’s shares have risen 67% this year as investors rely on the video conferencing company to become one of the few beneficiaries among the many companies suffering from a downturn in the economy due to the coronavirus pandemic.
Starting with SpaceX and Tesla and ending with the New York Department of Education, departments and companies around the world began to ban the use of the application, which became popular during quarantine due to coronavirus. Zoom is used for virtual gatherings for cocktails or coffee before corporate meetings and distance learning.
Taiwan’s government was the first state to ban agencies from using Zoom. After this order was issued, the country’s Ministry of Education imposed a ban on the use of Zoom in schools. It is expected that the governments of other countries can follow the example of Taiwan.
Recently, with the spread of coronavirus, the popularity of Zoom has increased particularly, as people around the world are switching to remote work or study. In March, Zoom’s daily audience exceeded 200 million users. As a result, since the beginning of this year, the value of the company’s shares has more than doubled.
However, it recently became clear that Zoom does not use end-to-end encryption for video conferencing, and also allows outsiders to join the broadcasts. Records of meetings also appeared on public Internet servers.
Last week, Zoom head Eric Yuan apologized for not being able to meet user expectations regarding privacy and security. He also assured that the company has already taken measures to solve these problems.
“The quick development of teleconferencing platforms such as Zoom, without a proper security check, potentially jeopardizes trade secrets, government secrets, and human rights defenders,” researchers at the University of Toronto write.
Zoom is working to implement end-to-end encryption, but this is still a few months away, said the head of Zoom. Many of the problems are related to the fact that the application was aimed at corporate clients with their own IT security teams, and not at a wide consumer audience.
Cybersecurity experts have developed an automated system that can find 100 Zoom conferences each hour that are not password-protected. In a day, a hacker tool called zWarDial can detect about 2,400 public audio and video calls. This was told by computer security researcher Brian Krebs.
Specialists created the scanner for demonstration purposes, however, attackers can easily recreate it. ZWarDial works by brute force, that is, by sorting through unique identifiers of Zoom conferences from 9 to 11 digits in length. Having guessed the ID, the tool can then retrieve data about a scheduled or recurring meeting, including a link, date and time, the name of the organizer, and the topic of discussion.
“From the end of last year, new meetings have been closed by default with a password if administrators or account owners have not disabled this option,” Zoom representatives said. It is recommended that users set a unique ID and password, and if possible, limit the number of connections to the exact number of participants.
The current lawsuit is not the first to address the company. At the end of March, a lawsuit was filed by the court of the California city of San Jose against Zoom from a private person. The plaintiff claimed that the service collects personal data without notifying users.
Contact us: [email protected]