Zoom has promised to revamp its security protocols after the Federal Trade Commission (FTC) found that the video conferencing tool misled users by claiming that its encryption was more robust than it really was.
As the coronavirus pandemic raged across the globe, digital communications tools such as Zoom saw a huge increase in users.
And as competition between platforms heated up, Zoom made claims that the end-to-end encryption it offered made it impossible for anyone to listen in to calls. Zoom has now had to retract those claims as part of a settlement with the FTC.
“In its complaint, the FTC alleged that, since at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” an FTC press release explained.
“End-to-end encryption is a method of securing communications so that only the sender and recipient(s) – and no other person, not even the platform provider - can read the content. In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”
Misleading claims
The FTC also alleges that Zoom kept recorded meetings unencrypted on its servers for up to 60 days, despite claiming to encrypt all recorded meetings immediately. Zoom’s secret installation of the ZoomOpener web server could also have compromised user security, the FTC claims.
In response to the FTC’s complaint, Zoom has agreed to “establish and implement a comprehensive security program” and is prohibited from misrepresenting its privacy and security credentials. In addition, Zoom must implement a vulnerability management program and deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network.
With rivals like Microsoft Teams and Cisco’s Webex also receiving a huge boost in popularity as a result of the pandemic, it remains to be seen whether Zoom’s tattered security reputation will see its users jump ship to one of its rivals.
Via TechCrunch