Zoom creates information security council, appoints Alex Stamos in advisory role


After a series of security and privacy mishaps, Zoom has taken further steps to allay fears about its privacy and security, the company announced in a blog post yesterday. To start with, the company has created a Chief Information Security Officers Council (CISO Council) to advise it, with CISOs from HSBC and NTT Data, among others. The company is also tapping a subset of the council to advise Zoom CEO Eric S. Yuan personally, with security experts from Netflix, VMware and Uber.

The company will also rope in cybersecurity expert and Facebook’s former chief security officer Alex Stamos of Stanford University as an external advisor; Stamos has actively tweeted about Zoom’s privacy issues.


Zoom was banned from government use in Taiwan on April 7 over security concerns, and from schools in New York City one day earlier. On April 1, the company announced a feature freeze (as Stamos had suggested), as scrutiny built up while the company grew in size by a factor of 20. Here are Zoom’s security issues up until this point, in this year alone.

  • On April 8, Motherboard reported that several hackers are showing interest in so-called “zero-day” exploits, which target vulnerabilities that have not been disclosed to the vendor. The report says that the hackers are trying to sell these exploits to the highest bidder, which means there could be risks in the app that cannot be patched until the attacks actually happen. The report does not name any of the hackers.
  • On April 3, the Washington Post reported that several video call recordings were left on the open web, with no password required to access them. The videos included classes and therapy sessions.
  • On April 2, the New York Times reported a feature where even anonymous participants in a call could siphon off LinkedIn data about other participants without their knowledge. Zoom later removed this feature.
  • On April 1, researchers discovered a vulnerability where Windows users could have their operating system’s login password stolen with a malicious link sent on chat. CEO Yuan said that this issue has been patched.
  • On March 31, The Intercept reported how Zoom was misleadingly claiming that calls were end-to-end encrypted, when they were not. The company later changed the language to say that “Your client connection is encrypted”.
  • On March 31, security researcher Felix Seele discovered that Zoom’s macOS installation package was working around Apple’s requirements for installing apps by just extracting a compressed archive directly into the Applications folder on Apple computers, a tactic commonly employed by malware rather than by legitimate software companies. CEO Yuan responded on Twitter and a fix was rolled out two days later.
  • On March 30, New York’s Attorney General Letitia James sent a letter to Zoom questioning its data privacy and security practices, the New York Times reported.
  • On March 26, a Motherboard investigation found that Zoom was sending user data to Facebook even if users were not logged in via the social media platform, or had an account there. Zoom updated the app to remove the Facebook Software Development Kit that was causing this data leak.
  • On March 24, Consumer Reports criticised Zoom’s privacy policy, saying it left the door open for the company to sell user data. The company then tightened its privacy policy, Consumer Reports said on March 30.

One major concern has been “zoombombing”, where people enter meetings that they are not meant to be included in; this has been an especially serious issue for Zoom, since the default security settings on calls allowed anyone with a valid link to join the call. On April 4, the company announced that it would turn the Waiting Rooms feature on by default for all users, which would require hosts to manually approve each new caller.

Written By

I cover the digital content ecosystem and telecom for MediaNama.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
