Zoom promises major security overhaul

Zoom meeting
(Image credit: Zoom Video Communications)
Audio player loading…

Zoom has promised to revamp its security protocols after the Federal Trade Commission (FTC) found that the video conferencing (opens in new tab) tool misled users by claiming that its encryption was more robust than it really was.

As the coronavirus pandemic raged across the globe, digital communications tools such as Zoom (opens in new tab) saw a huge increase in users. 

And as competition between platforms heated up, Zoom made claims that the end-to-end encryption it offered made it impossible for anyone to listen in to calls. Zoom has now had to retract those claims as part of a settlement with the FTC.

“In its complaint, the FTC alleged that, since at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” an FTC press release explained (opens in new tab)

“End-to-end encryption is a method of securing communications so that only the sender and recipient(s) – and no other person, not even the platform provider - can read the content. In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”

Misleading claims

The FTC also alleges that Zoom kept recorded meetings unencrypted on its servers for up to 60 days, despite claiming to encrypt all recorded meetings immediately. Zoom’s secret installation of the ZoomOpener web server could also have compromised user security, the FTC claims.

In response to the FTC’s complaint, Zoom has agreed to “establish and implement a comprehensive security program” and is prohibited from misrepresenting its privacy and security credentials. In addition, Zoom must implement a vulnerability management program and deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network.

With rivals like Microsoft Teams (opens in new tab) and Cisco’s Webex (opens in new tab) also receiving a huge boost in popularity as a result of the pandemic, it remains to be seen whether Zoom’s tattered security reputation will see its users jump ship to one of its rivals.

Via TechCrunch (opens in new tab)

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.