A number of high-profile companies including NASA, Google, the Australian Defence Force and even the US Senate are moving away from the popular video conferencing platform Zoom, citing security and privacy concerns.
While downloads of the video conferencing application continue to skyrocket with the recent pandemic forcing a huge number of the population to work remotely, security analysts and large companies are calling into question a number of security and privacy concerns.
The average number of users has risen from 10 million daily to 200 million daily in a three-month period.
Last week, Google announced that its employees were banned from using Zoom as a means of communication, following moves from the Pentagon, NASA, Space-X, the German Health Ministry, Australia’s Defence Force, New York City’s schooling system, the US Senate and the Taiwanese government.
Jose Castaneda, a spokesperson from Google said that “recently, our security team informed employees using Zoom Desktop Client that it will no longer run on corporate companies as it does not meet our security standards for apps used by our employees. Employees who have been using Zoom to stay in touch with family and friends can continue to do so through a web browser or via mobile,” he said.
As we reported recently, an ex-NSA hacker went public with a number of vulnerabilities he was able to exploit on the popular app. The hacker in question, Patrick Wardle was able to remotely access a user’s webcam and microphone, and in some cases, take control over the user’s device.
Zoom has since stated that it has addressed some of the most egregious flaws in its code, and has said that the sudden growth in daily users posed a number of challenges for the company, which it has since ‘patched’ with recent updates.
There is, however, some doubting this news from Zoom, with Standard Chartered's Chief Executive Officer, Bill Winters stating that cybersecurity concerns has led it to become the world’s first bank to ban its employees from using the platform. Winters also said that Google’s Hangout platform is missing a number of crucial security protocols to keep its user base safe.
According to a report from Reuters, “neither service offers the level of encryption of conversations that rivals like Cisco System Inc’s Webex, Microsoft Corp’s Teams or Blue Jeans Network inc do, industry experts said.”
There has also been a number of ‘zoombarding’ incidents, where a stranger is able to join a call. Some of the third parties have inserted nude photographs into high-profile conference calls, and verbally insulted participants.
One of the most serious cases of Zoombarding occurred less than a week ago, where two men were able to enter a Zoom virtual classroom session filled with young Singaporean schoolchildren, verbally harassed them and even asked children to ‘flash’.
Singapore’s representative for Educational Technology issued a statement soon after stating that “as a precautionary measure, our teachers will suspend their use of Zoom until these security issues are ironed out,” adding that the government was in the process of establishing “security measures they must adhere to,” in order to secure log-ins of a classroom session.
It's essential that your organisation remains proactive about any possible security concerns, regardless of how isolated reports may be. Implementing an information security management system like ISO 27001 is one of the most effective ways to keep the data your organisation is responsible for keeping secure in the right hands. For a guide on how to implement ISO 27001, click here.