The number of users on the video conferencing platform Zoom is up by 378% this year, according to JPMorgan analyst Sterling Auty, who cites data from Apptopia, as friends, family, employees and collaborators try to stay connected amid lockdowns and quarantines to contain the spread of the coronavirus.
The company website, security white paper and app give users assurance that Zoom meetings are secured with end-to-end (E2E) encryption as long as participants use computer audio to connect during the meetings.
E2E encryption enables private internet communication by preventing outside parties from accessing secured conversations.
However, recent incidents reveal that meetings on the popular video conferencing platform Zoom are not as secure – or encrypted – as users believed.
Trolls are breaking into Zoom video meetings for online classes and private chats.
Business Insider reports that pranksters organizing so-called “Zoom-bombs” are harassing Zoom users by appearing uninvited in their conference calls, hurling racist slurs and posting pornographic content, as well as recording meetings and posting them on YouTube and TikTok.
Amid mounting complaints, The Intercept reports that a Zoom spokesperson reveals how the company uses transport encryption as opposed to end-to-end encryption, a much more secure technology for protecting video sessions against random intruders.
According to the representative,
“Currently, it is not possible to enable E2E encryption for Zoom video meetings.”
The Intercept explains how a lack of end-to-end encryption can compromise the video and audio content of Zoom conferences as well as compromise a participant whose voice and image may not be protected as expected.
“Without end-to-end encryption, Zoom has the technical ability to spy on private video meetings and could be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.”
The Federal Bureau of Investigation has also issued a warning about “online classroom hijacking” on Zoom. The company is now the subject of lawsuit alleging Zoom mishandled private user data by giving it to various outside companies such as Facebook.
Meanwhile, New York attorney general Laetitia James is looking into Zoom’s safety practices since the company is experiencing a massive upsurge in video conferencing amidst widespread stay-at-home orders during the pandemic.
In a letter sent on Monday, James has asked the video conferencing firm for information on how it is managing the increased traffic on its network, expressing skepticism about Zoom’s ability to protect user data.
“Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network…
While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”
A Zoom spokesperson responded on Tuesday and is expected to provide James with the requested information. The company has also issued a response to the lawsuit and says it has changed the way it interfaces with Facebook.
Featured Image: Shutterstock/Stockbakery