1. Companies such as NASA and Elon Musk’s SpaceX have banned employees from using the video-conferencing app Zoom over “significant privacy and security concerns,” according to a memo seen by Reuters.
  2. The outbreak has led to mixed messages towards Zoom.
    • With companies and students working from home on a global scale, the number of Zoom users has spiked.
    • The company however has seen scrutiny due to its product security and privacy standards.
      • Patrick Wardle, a former NSA hacker and founder of Apple-focused security company Objective-See, disclosed a new vulnerability in the macOS Zoom installer, which was using a deprecated and insecure application programming interface in macOS.
      • The Zoom Windows client was leaking network credentials due to the app rendering UNC file paths as a clickable link in group chat windows.
      • Zdnet.com reported, Zoom was also slammed for allegedly misleading users about the platform’s end-to-end (E2E) encryption. Zoom has admitted that E2E is not currently possible for Zoom video meetings and instead uses transport layer security (TLS) encryption.
      • Last week, Zoom removed the Facebook SDK in its iOS app after a report that it was sending device analytic data to Facebook, even for users without a Facebook account.
      • The FBI Boston Division this week warned schools about two cases of strangers ‘zoom-bombing’ online classrooms at two separate Massachusetts-based high schools.
      • FBI cautioned schools against making meetings or classrooms public and urged them to require a meeting password. Additionally, it advised against sharing links to classrooms on publicly available social-media posts.
  3. Zoom is stopping production of all new features so they can focus on the security and privacy issues
    • Zoom founder, Eric Yuan said the company was immediately freezing all new feature development and turning its engineers to the platform’s trust, safety, and privacy issues. He also outlined the following fixes in current blog posts:
      • Zoom has released a fix for the UNC link issue in the Windows client.
      • Zoom released fixes for the macOS issues and apologized for the confusion around its E2E. Zoom also denied having built a mechanism to decrypt live meetings for lawful intercept purposes
      • Zoom removed the attendee attention tracker feature and removed the LinkedIn Sales Navigator in Zoom, which it found was unnecessarily disclosing data.
      • The company will also commence a “comprehensive review with third-party experts and representative users to understand and ensure the security of all our new consumer use cases”.

SCOOTER NOTE: Starting next week, Zoom founder, Eric Yuan will host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to the Zoom community. We recommend tuning in and staying up to date. We will continue to post as news and updates arise.