The News: What to do about Zoombombing is becoming a key security concern for users the world over as instances of Zoombombing have become a thing. Zoombombing is an emerging trend where unwitting Zoom users are finding themselves surprised by attackers who pop into their meetings and screen share porn, profanity, hate messages, gender threats, and/or unsettling images or video. Zoombombing instances have happened to companies, government organizations, schools, universities, churches, random folks hosting meetings they share information about publicly — even brands have fallen victim to hackers hijacking their Zoom events. In a statement issued this past Monday, the FBI warned of teleconferencing and online classroom hijacking during the COVID-19 Pandemic as reports of Zoombombing instances are proliferating across the country. More at TechRepublic.
Analyst Take: What to do about Zoombombing as hackers and security issues plague Zoom? First, a quick back story. The growth in downloads of videoconference apps has been nothing short of astronomical over the course of the last few weeks, as people the world over embrace a new normal — working from home and learning from home. These apps have seen some 62 million plus downloads during the week of March 14th to 21st alone, the biggest week ever according to data collected by AppAnnie, and up 90 percent from the weekly average of business app downloads in all of 2019.
While Zoom is the darling of videoconferencing platforms of the moment, having made its platform free for K-12 schools early on in the COVID-19 outbreak, Google has also opened premium features for Hangouts Meet through July 1, 2020, Microsoft has offered a free six-month subscription to its Microsoft Teams product, and Cisco has offered expanded Webex capabilities to existing customers and free 90-day licenses to businesses who are not Webex customers. To get a visual on just how many millions of users the world over are relying on videoconferencing apps, here’s an overview of downloads during the week of March 15-21 compared to the weekly average for Q4 2019.
Image credit: AppAnnie
I’ve heard a lot about Zoombombing over the course of the last week, and some stories are more horrifying than others. Can you imagine giving a presentation or a lecture and having someone Zoombomb your presentation by blasting pornographic images or sharing your personal information, like your street address? I can’t either. Here’s just one look at what transpired in a Zoombombing session, where a school district made a link to their meeting available online and the meeting was subsequently Zoombombed.
So, how to protect your videoconferences from Zoombombing? There are some simple steps Zoom users can take to protect their meetings, events, and teaching sessions. These include the following:
We’ve covered Zoom extensively here at Futurum Research, and admittedly are both fans of the company’s videoconferencing platform — and regular users. To be fair, we also use Cisco Webex and Microsoft Teams and Google Hangouts products as well — we are in the business of researching and analyzing collaboration platforms, capabilities, features, etc., and often act as advisors to the companies who make them. It is our job to be collaboration platform experts.
In early February, I wrote about Zoom, commenting on what we saw happening with the company’s stock as a result of the massive shift to WFH and online learning — Zoom Stock Finds a Bright Spot in Coronavirus Fears. But again, to be fair, we have also been concerned about and critical of Zoom’s approach to security at times over the course of the past year.
Zoombombing isn’t the only problem Zoom is wrestling with right now. On Monday, a California man filed a class action lawsuit alleging the company is violating the California Consumer Privacy Act, which requires companies to give consumers notice when their personal information is collected and shared. As an aside, this is likely only the beginning of the suits we’ll see of this nature as the CCPA just went into effect in January 2020.
The lawsuit alleges that Zoom has “failed to properly safeguard the personal information of the increasingly millions of users” who use the app. The lawsuit cites a report from Vice News that found that the Zoom iOS app has been sending Facebook details on users’ devices, phone carriers, the city they are in, the time zone they are in, AND perhaps the most troubling of all, a unique advertiser identifier created by the user’s device which then allows companies to target a user with ads by way of a Facebook login feature on the Zoom iOS app.
Zoom’s privacy policy is, like most privacy policies, intentionally vague and at times misleading — which seems to be the general rule as it relates to privacy policies. To address this issue, Zoom has said they are removing the “login with Facebook” functionality in the iOS version of the app, stated they were unaware of this data collection practice, and apologized. The problem remains, of course, for users who are operating older, un-updated versions of the app. Note to device users everywhere: Update your apps and operating systems on the regular.
Zoom’s got problems in the state of New York as well, as NY Attorney General Letitia James is reportedly looking into Zoom’s data privacy and security practices. The AG’s letter to Zoom noted that while the platform is an “essential and valuable communications platform” there is concern about the company’s slowness to address security flaws and vulnerabilities that “could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams.” Most importantly, pressure by the NY Attorney General will hopefully result in Zoom taking a proactive approach to security practices rather than a reactive one.
Zoom needs to get serious, and quickly, about adopting a security-first approach that its competitors in the collaboration space are leading with. Zoom has been great about apologizing, and fixing things, but what we — organizations relying on the Zoom platform, teachers and school districts using Zoom, children learning online by way of Zoom, and families using Zoom to stay connected to one another as we shelter in place as a result of COVID-19 — should be able to count on is that our data is and will remain private, that protections will be put into place so that our meetings and classrooms won’t be accessible to hackers, and that our data and our identities remain secure, from hackers or from Facebook or any other advertiser who wants access to users and their data.
Zoom shares have skyrocketed since the beginning of the year and I am thrilled by their success. The path forward, however, relies on security. If the company is going to retain a customer base, especially that oh-so-valuable paid customer base that is what really allows companies to deliver shareholder value, then a proactive security-first mindset is going to have to be the mantra they embrace and lead with. We’ll all be watching, and hoping they get this right.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
The original version of this article was first published on Futurum Research.