Zoom Sued for Fraud Over Privacy, Security Flaws
Zoom Video Communications Inc. has been accused by the shareholder of hiding flaws in its video conferencing app, part of a growing backlash against security flaws that have been exposed following an explosion in worldwide use.
In a complaint filed by the San Francisco federal court on Tuesday, the company and its senior officials were accused of concealing the truth about the application’s software encryption deficiencies, including its alleged vulnerability to hackers, as well as the unauthorized disclosure of personal information to third parties, including Facebook Inc.
Investor Michael Drieu, who filed the suit as a class action, claims a series of public revelations about the app’s deficiencies starting last year have dented Zoom’s stock price — though the shares are still up 67% this year as investors bet that the teleconferencing company would be one of the rare winners from the coronavirus pandemic.
From Elon Musk’s SpaceX and Tesla Inc. to New York City’s Department of Education, agencies around the world have begun to ban the use of an app that rose during the coronavirus lockdown as a home for everything from virtual cocktail hours to cabinet meetings and classroom learning.On March 6 (Tuesday), Taiwan prohibits all official to use Zoom, becoming one of the first governments to do so.
Zoom Chief Executive Officer Eric Yuan apologized for the lapses, recognizing that last week in a blog post, the company had fallen short of expectations about privacy and security. Cybersecurity researchers warn that hackers can exploit software vulnerabilities to eavesdrop on meetings or commandeer machines to access secure files. Weak encryption technology has given rise to the “Zoombombing” phenomenon, where uninvited trolls gain access to a video conference to harass other participants. Recordings of meetings have also been shown on public internet servers.
The business also routed data through servers in China and used developers there, Citizen Lab said in a report last week. Any official data routed through China poses a major risk for Taiwan, a self-ruled island that Beijing claims as part of its territory. Taiwan’s government rejects China’s assertion, viewing the island as a sovereign nation.
“The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk,” researchers at the University of Toronto’s Citizen Lab wrote.
The business said it had mistakenly sent traffic through Chinese data centers as it was dealing with a “massive increase” in demand. It said it has stopped using that capacity as backup for non-Chinese clients.
Zoom is working on adding end-to-end encryption, but that’s still months away, Yuan said. Many of the issues arise from the fact that the app was built for corporate customers with their own IT security teams, instead of being the popular user app. The number of day-to-day meeting participants across Zoom’s paid and free services has gone from around 10 million at the end of last year to 200 million now, the company said. Most of these people are using a free service.