Federal regulators are requiring Zoom to strengthen its security in a proposed settlement of allegations that the video conferencing service misled users about its level of security for meetings.
The settlement was announced Monday by the Federal Trade Commission. A complaint filed by the agency accused Zoom of deceiving users over security since at least 2016. It said the company held on to cryptographic keys that allowed it to access content from its customers’ meetings, and secured meetings with a lower level of privacy encryption than it promised customers.
The regulators alleged that Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.”
Zoom Video Communications Inc., based in San Jose, California, would be required under the settlement to take specific measures, such as establishing a program for resolving privacy vulnerability. Company personnel would be required to review any software updates for security flaws.
The vote was 3-2 to propose the agreement, with the FTC’s two Democratic commissioners, Rohit Chopra and Rebecca Kelly Slaughter, dissenting because it doesn’t require refunds or other redress for affected customers. The proposal will be opened to public comment for 30 days, after which the agency will decide whether to make it final.
Related: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says
Related: Zoom Announces Technical Preview of End-to-End Encryption
More from Associated Press
- Google Suspends Chinese Shopping App Amid Security Concerns
- Silicon Valley Bank Seized by FDIC as Depositors Pull Cash
- Congress Members Warned of Significant Health Data Breach
- Cyberattack Hits Major Hospital in Spanish City of Barcelona
- European Police, FBI Bust International Cybercrime Gang
- BetterHelp Shared Users’ Sensitive Health Data, FTC Says
- EPA Mandates States Report on Cyber Threats to Water Systems
- Why TikTok Is Being Banned on Gov’t Phones in US and Beyond
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
