Teleconferencing firm Zoom sued over privacy, security flaws

Updated
Apr 09, 2020, 05:00 AM
Published
Apr 09, 2020, 05:00 AM

SAN FRANCISCO • Zoom Video Communications has been accused by a shareholder of hiding flaws in its video-conferencing app, part of a growing backlash against security loopholes that were laid bare after an explosion in worldwide usage.

In a complaint filed in the San Francisco federal court on Tuesday, the company and its top officers were accused of concealing the truth about shortcomings in the app's software encryption, including its alleged vulnerability to hackers, as well as the unauthorised disclosure of personal information to third parties including Facebook.

Investor Michael Drieu, who filed the suit as a class action, claims a series of public revelations about the app's deficiencies starting last year dented Zoom's stock price - though the shares are still up 67 per cent this year as investors bet that the teleconferencing firm would be one of the rare winners from the coronavirus pandemic.

Agencies worldwide have begun to ban usage of the app whose popularity has surged during the coronavirus lockdown as a platform for everything from virtual cocktail hours to classroom learning. On Tuesday, Taiwan barred all official use of Zoom, becoming one of the first governments to do so.

Zoom chief executive officer Eric Yuan has apologised for the lapses, acknowledging in a blog post last week that the company had fallen short of expectations over privacy and security.

Cyber security researchers warn that hackers can exploit vulnerabilities in the software to eavesdrop on meetings or commandeer machines to access secure files. Weak encryption has given rise to "Zoombombing", where uninvited trolls gain access to a video conference to harass participants. Recordings of meetings have also shown up on public servers.

Zoom also routed data through servers in China and used developers there, Citizen Lab said in a report last week. "The rapid uptake of teleconference platforms such as Zoom, without proper vetting, potentially puts trade secrets, state secrets, and human rights defenders at risk," researchers at the University of Toronto's Citizen Lab wrote.

The firm said it had mistakenly sent traffic through Chinese data centres as it was dealing with a "massive increase" in demand. It said it has stopped using that capacity as backup for non-Chinese clients. Zoom is working on adding end-to-end encryption but that is still months away, Mr Yuan has said.

The number of daily meeting participants across Zoom's paid and free services has gone from 10 million at end-2019 to 200 million, the firm said.

BLOOMBERG

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on April 09, 2020, with the headline Teleconferencing firm Zoom sued over privacy, security flaws. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top