Videoconferencing platform Zoom is rolling out a number of measures meant to stem criticism over how it has handled security as users flock to the application during the coronavirus pandemic.
Zoom chief executive Eric Yuan laid out steps Wednesday that the company is taking against problems such as data hacking and harassment by individuals who crash sessions in what is referred to as “Zoombombing.”
By week’s end, paid account holders will be able to select which regions their data is routed through during their sessions in a move apparently aimed at concerns over information passing through China where it might be subject to snooping.
“As a reminder, meeting servers in China have always been geofenced with the goal of ensuring that meeting data of users outside of China stays outside of China,” Zoom said in an online post.
The Silicon Valley startup also said that it is working with cyber-security firm Luta Security to overhaul processes and its “bug bounty” program that pays rewards to researchers who find security flaws in its operations.
Zoom also addressed a recent report that users’ log-in information was being sold by criminals on the “dark web.”
The credentials were likely stolen elsewhere on the internet, or by malicious code slipped into people’s computers, according to Zoom advisor Alex Stamos, former chief of security at Facebook.
It is not uncommon for hackers to take passwords and account names pilfered in data breaches and then check whether people use them for other online services.
Zoom said it is building systems to “detect whether people are trying out username and password pairings and block them from trying again.”
Improvements to Zoom security also include a toolbar to easily access features such as locking chats from strangers and making meeting password requirements a default setting.
“To successfully scale a video-heavy platform to such a size with no appreciable downtime and in the space of weeks is literally unprecedented in the history of the internet,” Stamos said in a post.
“The related security challenges are fascinating.”
India this week banned the use of Zoom for government remote meetings, saying it “is not a safe platform.”
The New York school system has also banned the videoconferencing platform based on security concerns.
Prosecutors from several US states are meanwhile investigating the company’s privacy and security practices, and the FBI has warned of Zoom sessions being hijacked.
According to Yuan, the number of people taking part in Zoom meetings daily eclipsed 200 million in March, up from just 10 million at the end of last year.
Related: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says
Related: Trojanized Zoom Apps Target Remote Workers
Related: Vulnerability Allowed Attackers to Join Zoom Meetings
Related: Zoom Conferencing App Exposes Enterprises to Attacks
Related: WebEx, Zoom Meetings Exposed to Snooping via Enumeration Attacks
More from AFP
- Spain Needs More Transparency Over Pegasus: EU Lawmakers
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
- Poland Breaks up Russian Spy Ring
- Facebook ‘Unlawfully’ Used Dutch Personal Data: Court
- White House Cybersecurity Strategy Stresses Software Safety
- Internet Access, Privacy ‘Essential for Freedom’: Proton Chief
- ‘Hackers’ Behind Air Raid Alerts Across Russia: Official
- Spies, Hackers, Informants: How China Snoops on the US
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
