Zoom, the video conferencing software, blew up from 10 million daily users by December 2019 to over 200 million by March. It should come as no surprise that more eyeballs focus on popular software. It should also be no surprise when questions around security are raised.
But the main problem for Zoom is the extent of the company’s security lapses. The issues have started to snowball and now people are questioning the practicality of using Zoom for convenience over privacy and security. However, despite the many problems, it seems like the company is trying hard to get back on the people’s good side. Whether it will come to fruition, time will tell.
The need for better awareness
The convenience and user-friendliness of Zoom make the software all the more appealing to the masses. Everyone from teachers to celebrities is now using Zoom. So, user adoption will only grow with the current pandemic situation. This reflects the need for greater awareness around using software like Zoom. Following the many cases of “ZoomBombing”, this is a given.
For those wondering what ZoomBombing is, it’s simply using Zoom’s screen-sharing feature to cut into meetings with inappropriate content.
One way of tackling this is creating content structured around raising awareness. Zoom has a dedicated page on its website for COVID-19. According to the company, its efforts include training sessions, tutorials, webinars, etc. to help users familiarize themselves with the service.
But that’s just the tip of the iceberg. Following the massive wave of criticism, Zoom CEO Eric Yuan published a blog post addressing the many issues raised.
A promise to do better
In the blog post, Eric talks about the platform’s explosive growth in the past few months. He also acknowledges the reported security flaws and privacy concerns. Eric follows up with what the company has been doing so far and its plans for the near future. The CEO actually doubled down on taking responsibility for Zoom’s security mishaps. In a recent interview with The Wall Street Journal, he said “I really messed up as CEO” and that he felt “an obligation to win the users’ trust back”.
Of course, it’s not enough to accept your errors and promise to do better. You have to make good on those promises too. Several of Zoom’s security vulnerabilities have already been patched. For example, on March 31st concerns were raised around how Zoom’s iOS installer works around Apple’s OS restrictions. Two days later, Zoom’s CEO responded to the tweet explaining the situation. The issue was patched the very next day.
The quick action wasn’t limited to the one issue. The company has been reacting at a fast pace, plugging loopholes where possible. Eric highlighted some of these actions in his April 1st blog post. Perhaps the biggest move from Zoom is that its team will stop working on new features for Zoom. Instead, the engineering team will focus on fortifying the software’s defenses, indicating a more proactive approach towards security. Better late than never.
For God’s sake, security isn’t optional!
In a Forbes interview last year after its IPO, Zoom’s customer service chief Jim Mercer recalled the first impressions one of his former GoToMeeting colleagues had of the product. “One click, we were in, and there were 25 feeds of participants at the same time. We were like, ‘What is this voodoo? How are they doing it?’”
The key selling point for Zoom following its IPO is also the same key selling point today — convenience. This is why adoption has been explosive across the spectrum, even though Zoom was originally meant for enterprises. For the average person trying to achieve normality, Zoom is a powerful enabler.
Unfortunately, this translates to poor security considerations as a tech product. Oftentimes, security is the price we pay for convenience. Part of that can be attributed to the pressure to push a product to market. Delaying a product or feature could mean losing out on the market, particularly in tech. Imagine if the original Macintosh interface had been delayed and launched after Windows 1. Apple’s first-mover advantage would have gone down the drain.
As such, developers are often rushed to reach the finish line first. As a result, security is almost an afterthought in most cases. For example, fitness tracking app Strava released a heat map in November 2017, showing user activity from around the world. It was meant to be a visual representation of the level of activity of its members. But it turns out the same heat map inadvertently exposed military base locations.
People also don’t care about security
However, placing the blame on companies alone is unfair. Part of the responsibility also falls on the people. But society, in general, doesn’t pay enough attention to security. We hardly change our passwords. We use the same password to access different accounts. We hardly update our systems. It’s this type of negligence that leads to catastrophic situations like WannaCry.
Even in Zoom’s case, the company has already patched several vulnerabilities. But how many users would make the effort to update the app?
After all, cybersecurity isn’t something to forego for the sake of convenience. Rather, it’s a vital component of your daily life, particularly since most of our lives are centered around the web now. Unfortunately, for Zoom, it seems like the mountain is getting steeper and steeper.
Will Zoom turn the tide in its favor?
Authorities around the world are reconsidering using Zoom. In New York, schools are no longer allowed to use the service to conduct remote classes. Australia has prohibited its MPs and the Defense Force from using Zoom. The latest on the list is Taiwan. The Taiwanese government has barred the country’s government agencies from using Zoom. Even Google has followed suit.
However, it does seem like US authorities are responding positively to Zoom’s responsiveness. The Department of Homeland Security drafted a memo stating that Zoom “was responding to the criticisms and understood how serious they were”, according to Reuters. But it could also be a reactive response from the DHS to the many security questions.
Nevertheless, it looks like the opportune moment for the competition to step up, most notably Microsoft. Microsoft Teams, together with its Office 365 offering, makes a strong case for users looking for alternatives. As of March 18th, Microsoft Teams reported 44 million daily active users on the platform. The tech giant has also introduced a new feature on Skype called “Meet Now”. This basically allows a participant to join a Skype call without having to sign up for the service.
This makes Zoom’s uphill battle even more challenging. On one hand, the company has to tackle its many security problems. On the other hand, Zoom has to work equally hard to rebuild the trust factor among authorities. Now, Zoom has to fight its rivals too.
Overall, the company has a long way to go to build users’ trust. The general indication suggests that the company is indeed making the right moves. But it will be a while until Zoom instills confidence. For now, Zoom is a ticking time bomb for security and privacy.