Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

NYC schools pull the plug on Zoom following FBI warning

Despite efforts to ramp up security measures, video conferencing software provider Zoom is finding itself banned from education departments and major corporations like SpaceX.

New York City's Department of Education has banned teachers from using the popular video conferencing tool, Zoom, to teach students remotely during the COVID-19 outbreak. Originally, teachers preferred using the platform as its minimal setup and simple design means both teachers and students have fewer issues using it compared to other conferencing platforms.

However, with the rise in "zoombombing" incidents, educators are beginning to worry for the safety of teachers and students alike.

"Zoombombing" occurs when a bad actor takes control of a Zoom conference call. Many times, the hijacker will remain silent and merely observe the calls. Other times, they use it as a platform to harass viewers, posting shocking images and using hate speech. According to Business Insider, incidents were reported to have happened in online classes, corporate gatherings, and even a virtual Alcoholics Anonymous meeting.

The FBI issued multiple public warnings about the Zoombombing. It ultimately made a public statement on their website, about using the software.

Schools aren't the only ones banning Zoom, either. On March 28, Elon Musk's SpaceX banned the program, instructing employees to use email, text, or phone calls as alternative methods for communication. Additionally, the Australian Ministry of Defense has also banned any use of the software.

Zoom announced on April 2 that they would be entering a 90-day development freeze as it sought to address privacy concerns. They plan on bolstering their security features through a variety of means, including white-box penetration tests and expanding current bug-testing procedures.

Zoom will begin meeting with third-party experts, as well as Zoom users, to "understand and ensure the security of all of our new consumer use cases." The company plans on preparing a transparency report to handle requests for data, records, and content. The company will also host a weekly webinar to provide security updates to Zoom users.

The most recent flurry of complaints started when it was discovered that the company was sending user data to Facebook without their permission. Zoom notified Facebook when the iOS app was opened, what device a user was using, what carrier they're on, and what city and time zone they're connecting from. The data also included a unique advertiser tag, connected to a user's device, that companies use to target advertisements.

Zoom had publicly told news outlets that the information had been anonymized, but understood why users were upset. The company removed the app's ability to send data to Facebook in an update pushed out on March 27.

Shortly after, security experts found that Zoom was able to install itself on Macs by working around Apple's security features. It was concurrently discovered that the company had claimed the service offered end-to-end encryption but did not possess those features.

On April 1, it was discovered that a flaw in Zoom's software allows a local user or piece of malware to piggyback on Zoom's camera and microphone permissions. An attacker can inject malicious code into Zoom's process space and "inherit" camera and microphone permissions, allowing them to hijack them without a user's knowledge.



23 Comments

sflocal 16 Years · 6138 comments

What an absolute embarrassment for Zoom.  They literally were in a very coveted position in the video conferencing market and screwed it up royally.  The CEO should be fired right now.  There is absolutely no excuse to have those kind of security issues, especially when the company has been in business for as long as it has been.  

They got comfortable and lazy.  No other way to say it.  Shame on them, shame on the CEO.

Andy.Hardwake 6 Years · 38 comments

I’ve been trying to delete my account since last Thursday and couldn’t even log in from the web... Error 502 no matter what I do...

SpamSandwich 19 Years · 32917 comments

Life is too short for terrible software.

StrangeDays 8 Years · 12986 comments

It’s worse than zoombombing. It’s been revealed that they’re using weak encryption, that videos are exposed with guessable file names to anyone, and that keys are issued via servers in China. I would consider anything streamed thru it to be compromised. 

https://daringfireball.net/linked/2020/04/04/schneier-zoom

https://daringfireball.net/linked/2020/04/03/zoom-china

https://daringfireball.net/linked/2020/04/03/zoom-recorded-videos

Beats 4 Years · 3073 comments

I know Facetime isn't cross-platform but Apple needs to take some of their market/mindshare.