The rise and fall of Zoom…

6th April, 2020

There has been rapid (maybe even rampant) adoption of collaboration and conferencing solutions since the start of the year, with most organisations exploiting tools such as Zoom, Teams and Webex to connect colleagues and clients all now working remotely as a result of the COVID-19 pandemic.

Zoom was already a firm favourite as the product is easy to use, feature-rich, platform/OS independent and integrates well with audio-conference and other productivity solutions.

The surge in demand in the last eight weeks (200m subscribers) twinned with benevolent gestures by Zoom’s CEO (offering free use to schools) served to ramp up its already strong share price. However, despite analysts believing this stock would buck the downward market trend due to Coronavirus, continuing concerns over the company’s stance on security have triggered a ~25% share price decline over four consecutive days this week. Pre-market activity suggests the price will drop further today.

Recent security concerns exposed by software vulnerability researchers and industry experts revolve around five key tenets:

  • Weak conference default security settings
  • Zoom’s own privacy policy allowed them to collect data
  • Harvesting of usage data to Facebook (triggering a class-action lawsuit)
  • Big Brother-esque “user attention tracking” feature
  • Questionable claims of end-to-end encryption capabilities.

Any of these on their own would be significant. The first issue has led to the phrase “Zoombombing” being coined to denote video-conferences being hijacked by unwanted intruders. There are even websites identifying Zoom conferences that could be exploited due to their security settings.

The concerns about Zoom are not new. Last summer, security experts flagged that attackers could craft malicious links giving them control of a Zoom user’s video-feed/camera.

In response, Zoom’s CEO, Eric Yuan, posted a blog response yesterday, outlining a shift in direction to focus on security, application security audits and penetration tests, and to implement a feature code freeze. However, yet more issues have surfaced, with Zoom acknowledging that they “mistakenly” opted to route calls through two Chinese data centres in order to deal with unprecedented capacity demands.

Our recommendation would be to bear these issues in mind when selecting a default product in this space. There are alternatives such as Teams, Skype, GoToMeeting, BlueJeans, Webex & Pexip to name a few. As an organisation, we now mandate the use of Microsoft Teams and have taken the step at the start of this week to ban Zoom for internal communication. The integration with other Office365 products and data offers a very powerful user experience and we have sourced conference room equipment that is Teams-ready. With that said, our customers use all of those just mentioned and more, whether through personal preference or for particular features they exploit.

The use of Zoom is ubiquitous and it is likely you may be asked to join third-party bridges using this product in the course of your work. Before you do, please take a moment to read through the risks outlined above, and ensure that your device is suitably patched, that the application is up to date and that it has only the minimum access required to perform the functions required. You might also choose to ask whether an alternative is available…

John Bryant, Options CTO
