https://www.afr.com/companies/telec...al-its-future-remains-unclear-20200413-p54jdu
Drake Bennett and Nico Grant
Apr 16, 2020 – 5.01pm
The social network for the pandemic
The videoconferencing app has kept the world connected during the pandemic, but its founder Eric Yuan never set out to create the world's social fabric.
Like the rest of us, Eric Yuan is taking things day by day right now. The founder and chief executive officer of teleconferencing software company Zoom gets up each morning, after three or four hours’ sleep, and nervously checks the previous day’s capacity numbers to make sure the servers aren’t overwhelmed by traffic. Then he begins the long slog of videoconference calls from his home in San Francisco's Bay Area. “It’s too many Zoom meetings,” he says, via Zoom. “I hate that.” Along with the crush of new users and the challenge of running a business during a pandemic, there’s the deluge of negative news stories, the letter from the New York state attorney general, complaints from Democratic senators, and class actions filed on behalf of consumers and shareholders – all accusing Zoom of mishandling or abusing user data while allowing hackers to run amok. It’s not helping that, with school and college cancelled, Yuan’s three kids are at home clogging up the Wi-Fi. The other night he got an email from a mother about a troll who invaded her kid’s Zoom virtual classroom and showed inappropriate content. Afterward, he couldn’t fall asleep.
The only thing keeping Yuan sane is his mother, who’s been living with the family. Each day for lunch she brings him a noodle or rice dish she’s made, upbraiding him when he forgets to eat it. And if Yuan has time after dinner, mother and son take a walk in his backyard.
“I tell myself, every morning when I wake up, two things,” Yuan says. “Don’t let the world down. Don’t let our users down.” A month ago, his company was merely a fast-growing success story in the somewhat boring universe of enterprise communications. Today, suddenly, Zoom is critical infrastructure. As billions of people around the world socially distance to blunt the toll of the coronavirus, those lucky enough to still have jobs are trying to work them from home. To do so, they’re turning to remote collaboration tools. Messaging platforms such as Slack and videoconferencing software like Cisco Webex, Microsoft Teams, and, especially, Zoom, have seen explosions in traffic. “Every day is a record,” Yuan says. Zoom’s daily users, 10 million in December, now number 200 million. The company’s share price has climbed 72 per cent in the same period – doubling from early February to late March before dropping off – even as markets and the global economy have been pummelled. Zoom’s new traffic isn’t just from workplace conference calls. Its simple interface – users enter a meeting with one click – has made it perfect for millions of people who want to maintain at least a diluted form of human contact. Schools and colleges are teaching classes on Zoom; Alcoholics Anonymous groups are using it to hold meetings; people are going to Zoom family reunions and happy hours and trivia nights. They’re dating, talking to therapists, and having birthdays. In photos his sister posted on Twitter, Hunter Lee, a food sales associate from Greensburg, Pennsylvania, celebrated turning 21 with family and friends looking out from the corner of the room, their webcam images tiled on the screen. A few days earlier, British psychiatrist Rob Baskind "Zoomed" into the funeral of his mother, who had succumbed to the virus.
For many, Zoom has become not just a way to socialise, but the social fabric itself. Yuan is as surprised as anyone else at this turn of events. He didn’t set out to create a business that would be a household name, in these circumstances or any others. And while it’s a testament to the technology that it has mostly handled a twentyfold surge in usage, in other ways the company, like many others, was blindsided by the past few weeks. “I never thought that overnight the whole world would be using Zoom,” he says. “Unfortunately, we did not prepare well, mentally and strategy-wise.” Historically, giant communications networks – Facebook, Twitter, AT&T – have all had their growing pains, but none had to go through them in just weeks. In times as vertiginous as these, even success can be brutal. Yuan has always been frustrated by the inconvenient fact of distance. The younger son of husband-and-wife mining engineers, he grew up in China’s Shandong province, a peninsula extending into the Yellow Sea. Studying math and computer science at Shandong University, he had to take a 10-hour train ride to see his girlfriend, a problem he solved by marrying her at 22. Yuan, now 50, idolised Bill Gates and was determined to work in Silicon Valley. His visa application, though, was denied on his first try, and on the next seven, after a bureaucratic mix-up. It took nearly two years of persistence, but on the ninth attempt, he got into the US. Yuan found a job in California at Webex, then a start-up. By the late 1990s, technology had made real-time video chat – long a sci-fi staple – a reality, and Webex was among the first companies to make a working product. Yuan was one of 10 engineers when he joined Webex in 1997, and by the time Cisco Systems Inc. acquired it a decade later, he was vice president for engineering, managing 800 workers.
Seeing the rise of the iPhone and its imitators, he became convinced the company needed a product that worked on mobile phones, not just PCs. Cisco’s leadership didn’t agree, and Yuan left in 2011 to found Zoom Video Communications Inc., taking a contingent of engineers with him. Headquartered in San Jose, Zoom built a research and development team in China, where engineers would work for far less than their American counterparts. Yuan personally contacted every company that considered Zoom but went with a competitor, something he still does. Zoom was appealing, in part, because it was a neutral platform. It wasn’t tethered to Apple, like FaceTime, or Google or Microsoft, like Hangouts and Skype. Anyone, even someone without an account, could join a meeting, from any device, just by clicking a link in a text or email. Hosts could record video and audio and generate transcripts, and it was easy for people to screen-share. If you can keep your meetings under 40 minutes and 100 participants (and, honestly, please do) you can use Zoom for free; clients who pay a monthly fee of $A27.99 per meeting host can gather as many as 1000 people on a single video call. In addition, the technology offers users a flattering soft-focus mode and a menu of digital backdrops: the northern lights, the Golden Gate Bridge, a pristine beach. These panoramas free home users from worrying about whether their half-dressed spouse and children are in the webcam’s sightline. Customised Zoom backdrops are canvases for self-expression, and the art form has already grown baroque. A video producer named Dan Crowd created one recently that looks like a normal office but is a trompe l’oeil animation in which the door opens and Crowd himself walks in, obliviously interrupting his own meeting.
In a world of philosopher-CEOs promising to transform the human condition through ride-hailing or renting shared workspaces, Yuan is passionate about videoconferencing software and uninterested in declaiming on other topics. After Zoom’s valuation surpassed $US1 billion ($A1.5 billion) in 2017, he publicly scoffed at the unicorn label, saying it didn’t mean anything unless the business continued to grow. When Zoom went public in April 2019, shares jumped 72 per cent on the first day of trading, giving it a value of $US16 billion and Yuan a net worth of $US3 billion. He went on Bloomberg Television complaining that “the price is too high” and implored employees to get back to work. Today the company’s market capitalisation is about $US32 billion. Zoom had an early glimpse of the coronavirus at work. The company’s Chinese offices and R&D facilities closed in late January (they’ve since reopened). “We were thoughtful and a little bit paranoid about what was to come, which has turned out to be a good thing,” Kelly Steckelberg, the company’s chief financial officer, says by Zoom from her home. Zoom was quick to shutter its San Jose headquarters, sending employees home two weeks before Santa Clara County issued its shelter-in-place order – a decision that was admittedly easier for a videoconferencing technology company. After Japan and Italy closed schools in late February and early March, Zoom removed the time limits on its free product for educational institutions in those countries. It continued to do so as school shutdowns spread globally. Still, Yuan thought the disruption would be brief. Then, in mid-March, his kids’ schools closed.
When Zoom’s daily users passed 100 million, he began to realise what the crisis would mean for his company. Since then, it’s been a dead sprint to cope with the ballooning demand. When you’re on a Zoom meeting, the app adjusts bandwidth so that one participant’s poor signal doesn’t degrade another user’s experience. Zoom does this by linking each participant to the closest of 17 data centres it rents worldwide; if one centre is overloaded, it sends traffic to the next closest. To keep up with its new audience, the company has added two data centres, and it’s been buying more of the cloud storage capacity it uses for surge protection. Zoom relies heavily on Amazon Web Services, as well as on Oracle Corp, for cloud computing. So far, these efforts have paid off: there have been complaints of poor call quality, and Zoom’s website was briefly down for maintenance, but the platform has bent, not broken, under the new demands. On other fronts, Zoom has looked less deft. Its sudden prominence has brought it the attention of security researchers and privacy advocates, and the last week of March saw a steady stream of damaging revelations. On March 24, Consumer Reports (a US advocacy group similar to Choice) detailed how Zoom’s privacy policy let it share the content of video chats with ad-tracking companies. The piece highlighted how hosts don’t need participants’ permission to record videos, or make and share transcripts; hosts can read texts that participants exchange on the app’s chat function, too. The publication also noted Zoom’s panopticon-like Attendee Attention Tracking tool, which alerted a host if people clicked over to a different window on their computers for more than 30 seconds, suggesting they were otherwise occupied. Two days later, tech site Motherboard revealed that Zoom’s iPhone app, which was built using Facebook software, was sending user data to the social network giant without alerting users. 
On March 30, former National Security Agency hacker Patrick Wardle blogged about flaws that would let attackers put malware on a computer or hijack the webcam and microphone. The next day, the website the Intercept reported that while Zoom claimed to guard user data using end-to-end encryption – the strongest available privacy protection – that wasn’t true. And on April 3, University of Toronto researchers published a paper revealing that the company sometimes routed meetings through servers in China even when all the participants were outside the country, raising the possibility that Chinese authorities might try to listen in. Zoom was also attracting the interest of trolls. School teachers getting their classrooms up and running found their sessions disrupted by “Zoombombers,” with malicious interlopers joining to shout racist epithets or screen-share pornography. (New York City’s school system, the largest in the country, has banned the service, shifting to Microsoft Teams and Google Hangouts Meet.) White supremacists started Zoombombing virtual Torah sessions and webinars on anti-Semitism with images of swastikas. The company has since amended its privacy policy to make clear that video and chats would not be shared; updated its iPhone app to stop sending data to Facebook; and patched the vulnerabilities that Wardle found. On April 1, Chief Product Officer Oded Gal addressed the encryption issue in a repentant, if euphemism-plagued, post on the company blog. 
“While we never intended to deceive any of our customers,” he wrote, “we recognise that there is a discrepancy between the commonly accepted definition of end-to-end encryption, and how we were using it.” Later that day, Yuan posted his own apology and said that Zoom would probe for further security weaknesses; remove the attention tracker; offer training against Zoombombing attacks; change the default screen-sharing settings to make things harder for trolls; and issue a transparency report detailing government data requests. When the University of Toronto report was published on April 3, Yuan responded the same day, blaming the China server issue on Zoom’s scramble for capacity and announcing that the company had corrected it. On April 4, Zoom users got an email telling them that all meetings would now automatically have passwords. Yuan argues that Zoom’s issues stem not just from its explosive growth but also from the new types of users flocking to it. “We built this as a platform for knowledge workers, for businesses with IT departments,” he says, sitting against a digital backdrop of the San Francisco hills that he obscures as he leans into his webcam. For Zoom users in nonpandemic times, he goes on, there would be a tech support person helping them set up their screen-sharing settings and reminding them to have a password. In a work setting, for better or worse, we’re more resigned to the idea that our boss will snoop on us so that we don’t slack off. Unlike schools and happy hour organisers, Zoom’s corporate clients have their own data and privacy policies. And at the office, even neo-Nazis try to watch their language. Yuan’s explanations are more convincing for some lapses than others. If anything, expectations should be higher for a collaboration app given that it engages with sensitive data.
“I’m granting access to a camera, a microphone, to the screen, everything that happens on the computer,” says Ralph Loura, a longtime chief information officer now at electronics manufacturer Lumentum Holdings. Zoom, in other words, should be the last company to be casual about security. It may be that the main trait that let Zoom succeed is now haunting it. Its focus on simplifying the arcane and buggy process of videoconferencing has created a product that’s also simpler for others to manipulate. Yuan concedes that there could be a tension between security and simplicity. “It may be time to revisit that,” he says. Although it’s hard to imagine, at some point the pandemic will end. Will Zoom go back to being a corporate videoconferencing company? “I have no answer,” Yuan says. His board asked him that a few days earlier, and he told them the same thing. Currently, while many new users aren’t paying for the service, some have sprung for Zoom’s paid tiers, and some corporate clients upgraded when they sent their workforces home. On April 1, AllianceBernstein analyst Zane Chrane said the pandemic could generate “a few hundred million” in additional revenue. That’s on top of the more than $905 million Zoom predicted for the coming fiscal year in its last earnings call, a Zoom webinar held on March 4, just after it closed its headquarters. Given the choice, Yuan makes clear, this isn’t the path he would have chosen for himself or for the company. But he says he no longer pretends he’s in control: “You can’t go back, that would not be responsible. For now we have to embrace this new paradigm and figure out how to make it work.” Zoom is “now owned by the whole world,” he adds. Then he has to go. It’s lunchtime, and his mother is patiently waiting. Bloomberg Businessweek
How Dropbox, and Australian hackers, uncovered Zoom's biggest flaws
https://www.smh.com.au/technology/h...red-zoom-s-biggest-flaws-20200421-p54lo7.html
One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. The hackers soon uncovered a major security vulnerability in Zoom's software that could have allowed attackers to covertly control certain users' Mac computers. It was precisely the type of bug that security engineers at Dropbox had come to dread from Zoom, according to three former Dropbox engineers. Now Zoom's videoconferencing service has become the preferred communications platform for hundreds of millions of people sheltering at home, and reports of its privacy and security troubles have proliferated. Zoom's defenders, including big-name Silicon Valley venture capitalists, say the onslaught of criticism is unfair. They argue that Zoom, originally designed for businesses, could not have anticipated a pandemic that would send legions of consumers flocking to its service in the span of a few weeks and using it for purposes — like primary school classes and family celebrations — for which it was never intended. "I don't think a lot of these things were predictable," said Alex Stamos, a former chief security officer at Facebook who recently signed on as a security adviser to Zoom. "It's like everyone decided to drive their cars on water."
The former Dropbox engineers, however, say Zoom's current woes can be traced back two years or more, and they argue that the company's failure to overhaul its security practices back then put its business clients at risk. Dropbox grew so concerned that vulnerabilities in the videoconferencing system might compromise its own corporate security that the file-hosting giant took on the unusual step of policing Zoom's security practices itself, according to the former engineers, who spoke on the condition of anonymity because they were not authorised to publicly discuss their work. As part of a novel security assessment program for its vendors and partners, Dropbox in 2018 began privately offering rewards to top hackers to find holes in Zoom's software code and that of a few other companies. The former Dropbox engineers said they were stunned by the volume and severity of the security flaws that hackers discovered in Zoom's code; and troubled by Zoom's slowness in fixing them. After Dropbox presented the hackers' findings from the Singapore event to Zoom Video Communications, the California company behind the videoconferencing service, it took more than three months for Zoom to fix the bug, the former engineers said. Zoom patched the vulnerability only after another hacker publicised a different security flaw with the same root cause. Zoom's sudden popularity — nearly 600,000 people downloaded the app on a single day last month — has opened it to increased scrutiny by researchers and journalists and forced the company to grapple with a rash of security incidents. Three weeks ago in the US, the FBI warned that it had received multiple reports of trolls hijacking public school classes on Zoom to display pornography and make threats; malicious attacks known as "Zoombombing." Last week, Vice's Motherboard blog reported that security bug brokers were selling access — for $US500,000 — to critical Zoom security flaws that could allow remote access into users' computers. 
Separately, hackers put up more than half a million Zoom users' passwords and user names for sale on the so-called dark web. On April 1 Eric Yuan, Zoom's chief executive, said the company would devote all of its engineering resources for the next 90 days to shoring up security and privacy. Last week, the company announced a revamped reward program for hackers who find security flaws in its code. Stamos said Zoom was also working on design changes to reduce the potential risks of security flaws and abuses like Zoombombing. Even critics acknowledge that Zoom remains the most user-friendly videoconferencing service on the market and has become a crucial communications tool during the pandemic. Security researchers also praised Zoom for improving its response times; quickly patching recent bugs and removing features that presented privacy risks to consumers. Zoom is hardly the first tech company whose sudden surge in popularity exposed its problems. Microsoft, Twitter, Google, Facebook and Uber have all settled charges related to consumer security or privacy. What is different about Zoom is the unusual role that another tech company — Dropbox — played in pushing the videoconferencing service to address its security weaknesses. Details on Dropbox's role have not been publicly reported before. Many companies, including Zoom, have "bug bounty programs" in which they pay hackers to turn over flaws in the company's own software code. But Dropbox, which has integrated its file-sharing services with Zoom, did something novel. Starting in 2018, Dropbox privately offered to pay top hackers it regularly worked with to find problems with Zoom's software. It even had its own security engineers confirm the bugs and look for related problems before passing them on to Zoom, according to the former Dropbox engineers. Hackers have reported several dozen problems with Zoom to Dropbox, the former employees said. 
These included moderate problems, like the ability for attackers to take over users' actions on the Zoom web app, and more serious security flaws like the ability for attackers to run malicious code on computers using Zoom software. Dropbox also put in its own controls to ensure that its integration with Zoom did not present risks to Dropbox users. In early 2019, Dropbox sponsored HackerOne Singapore, the live hacking competition. To put pressure on Zoom to take security more seriously, former Dropbox engineers said, Dropbox included the videoconferencing service among companies for which it offered bug bounties at the event. Even before the event began, one hacker reported a major vulnerability to Dropbox that could have allowed attackers to pose as Zoom over Wi-Fi and secretly observe users' video calls, the former Dropbox engineers said. Soon after, the two Australian hackers — an engineer and executive at Brisbane-based Assetnote, a security company — uncovered the flaw that would have allowed an attacker to covertly take complete control of certain computers running Apple's macOS, according to a blog post published by the hackers. The discovery was particularly jarring because attackers could have used the Zoom vulnerability to gain access to the deepest levels of a user's computer. But Zoom did not quickly address the flaw. Instead, the company waited more than three months until a third researcher independently uncovered and publicised a separate, less serious issue, with the same underlying cause. Yuan, Zoom's chief executive, subsequently wrote a blog post in July apologising for the delay. "We misjudged the situation and did not respond quickly enough — and that's on us," Yuan wrote. He added: "We take user security incredibly seriously." The New York Times
https://www.afr.com/technology/no-reason-to-abandon-zoom-over-security-says-cio-20200419-p54l7y
No reason to abandon Zoom over security, says CIO
Natasha Gillezeau, Reporter
Apr 21, 2020 – 12.01am
Zoom chief information officer Harry Moseley says the company has fixed the security flaws in its software as the video-conferencing platform has become the tool of choice during the coronavirus crisis – and not just for big business. The platform's usability and ease of access have made it an unexpected star of the pandemic as Zoom is used for everything from work conferences to fitness classes. But Zoom sceptics are concerned the video-conferencing software's security and privacy measures are not up to scratch for many users' needs. Speaking to The Australian Financial Review, Mr Moseley said the company had always valued security and privacy, but it took the recent explosion in the number of different types of users for it to make those controls far more obvious to the "average person". Asked about recent issues – from Zoom-bombing (where people join random calls) to the allegation that the company was misleading users when it claimed that all communications on the platform were end-to-end encrypted – Mr Moseley said although "security and privacy has always been top of mind" for the company, it had not expected the diverse array of users that now connect on Zoom because of social distancing measures. "When you look at our security and privacy policy that we recently issued, it wasn't a new thing for us. We just re-wrote it with more clarification because we've always been focused on the enterprise," he said. "We've been focused on the established corporation . . . where there is an established risk and compliance group, a legal team, et cetera, who help frame how they are going to deploy it and educate their people on the platform.
"But with the opening up of the platform for K (prep) through 12, and supporting a variety of organisations like not-for-profits and various communities, and then the general public at large . . . they didn't have the necessary background knowledge about how to leverage the Zoom platform, [or] how to set up the right controls." As a result, the company has put its privacy and security controls into more widely intelligible terms. Features such as a waiting room, hosts being able to lock the meeting, controls on who can share content in a meeting and who can and cannot use the chat function are far more obvious to users now. "All those controls were there from the get-go, but they were not as front and centre as they are now," Mr Moseley said. He said Zoom had established an advisory board and council with 30 professionals from different industries to advise on what features needed to be prioritised by engineers for different industries and sectors, including education, government, financial services, and health. "Yes, if someone identifies a flaw in the platform, then we will jump on it. But it's very much our culture to go, 'is this fact or fiction'? If it's fact, then we ask what's the root cause, fix it, publish it, and move on," he said. Even so, banks such as ANZ and schools in New York City have withdrawn from using the platform, citing privacy and security concerns. Some countries, including India, Taiwan and Germany, have also discouraged their citizens from using Zoom and some have banned public sector employees from the platform. Meanwhile, some banks, such as National Australia Bank, are working closely with Zoom and are looking into how the product suite can make work more efficient.
Hacked accounts
More than 500,000 Zoom accounts were reported by threat intelligence organisation Cyble to have been hacked, with details sold on the dark web.
In a recent episode of the podcast Pivot, technology commentator and New York University professor Scott Galloway said he was sceptical about the Zoom team not foreseeing the privacy and security issues with the platform. "They have said publicly 'there is just no way we could have anticipated this happening' ... but they saw their earnings calls coming. They see their D-filings coming so they can sell stock. They see every increase in daily active users coming so they can put out press releases," he said. "But anything that might do damage to the commonwealth of privacy, they don't see coming. And the reason they don't see it coming is that our government has failed . . . because right now the incentives aren't to anticipate it, the incentives are to ignore it." Mr Moseley, who kicked off this Zoom interview with a Corona beer in hand and an animated GIF of a tropical island as his Zoom background, said that life after the coronavirus would have employees and employers alike having "radical thoughts" about how work was done. He labelled Zoom chief executive Eric Yuan a "real gem" and said it was an exciting time for the company. The company is expanding its product suite with features such as Zoom Phone, which allows people to make a phone call to a colleague, and then move that call into a video conference, then turn that into content sharing, and then move the call on the handset to a screen in a conference room. Since mid-February when the COVID-19 outbreak was just starting to intensify, the company's share price has risen 66 per cent – from $US90.95 to $US150.06.
https://www.smh.com.au/business/com...n-list-shares-hit-record-20200424-p54mrt.html
Zoom users top 300 million despite growing ban list, shares hit record
Zoom video conferencing app's user base grew by another 50 per cent to 300 million in the past three weeks as the company fought to quell a backlash around security and safety that has seen a number of governments and firms ban its applications. Shares of Zoom, which have surged nearly five-fold since the company went public in March last year, rose 12 per cent to a record high of $US168.24 on Thursday. Chief Executive Eric Yuan gave the numbers late on Wednesday in an update on the platform's 90-day security plan, while also outlining the rollout next week of a new version of the app with more encryption features. Zoom has become one of the major means of communication in the coronavirus crisis, but it has faced criticism over data security concerns. German carmaker Daimler was the latest company on Thursday to say it had banned use of Zoom for all corporate content until further notice. "There are some reports about security gaps and challenges regarding data protection of Zoom," Mercedes-Benz Cars spokesperson Christoph Sedlmayr said. "This does not comply with the security requirements of our company. Therefore, we can confirm that Daimler prohibits the use of Zoom for corporate content until further notice." Bloomberg News also reported wireless technology firm NXP had banned the app's use with external parties, and that employees at Sweden's Ericsson had been advised not to use it. "We have not prohibited employees to use any collaboration tool, but we advise employees to be cautious with unapproved collaboration tools due to security risks," an Ericsson spokesman said. Zoom was banned by many schools around the world, Elon Musk's venture SpaceX, Asia-focused bank Standard Chartered as well as governments in Germany, Taiwan and Singapore.
A Zoom spokesman reiterated that companies across the world have done exhaustive security reviews of its platform and were using its services. The coronavirus-driven lockdown of millions of people globally has driven huge growth in use of platforms like Zoom, Skype or Microsoft's Teams application. Zoom's growth has continued even as it faced a barrage of criticism from cyber security experts and users alike over bugs in its codes and the lack of end-to-end encryption of its chat sessions. The company has appointed former Facebook security chief Alex Stamos and a number of other experts to attack these concerns and security researchers say it has responded robustly to the issues. Researchers say "Zoombombing" incidents, where uninvited guests crash meetings, were caused by simple choices made by some of the millions of new users of the app and that the company has taken sensible steps including giving hosts the ability to lock meetings and restrict what attendees can do. For corporate customers, however, the issue of encryption and who keeps records or can listen in to calls is more important, be it to safeguard valuable company information, or meet privacy obligations to customers. Lea Kissner, formerly global lead of privacy technology at Google, and now a security consultant for Zoom, said the 256-bit GCM encryption being introduced with Zoom 5.0 next week was in line with what others in the industry were using. All Zoom customers will switch to the new cryptographic mode from May 30, Kissner said. To account for criticism that the company had routed some data through Chinese servers, Zoom also said an account admin can now choose data centre regions for their meetings. Reuters
Ticker is ZM, not ZOOM, for anyone wondering. "Trading in Zoom Technologies Inc. (ticker: ZOOM) was suspended by the U.S. Securities and Exchange Commission Thursday through April 8 after the stock climbed in recent weeks amid confusion with Zoom Video Communications Inc. (ticker: ZM), the popular virtual-meeting company." March 16
Facebook is readying a competing service to Zoom, Microsoft Teams Published: April 24, 2020 at 3:02 p.m. ET By Jon Swartz Facebook Inc. (FB) on Friday said it is launching a new video chat feature that appears to be a rival to Zoom Video Communications Inc. (ZM) and Microsoft Corp.'s (MSFT) Teams service. Called Messenger Rooms, it looks and functions like Zoom, but it lets more people - up to 50 - join at once for free. The new Facebook service comes days after company Chief Executive Mark Zuckerberg said Facebook would not hold meetings of more than 50 people until June 2021. Facebook also announced that WhatsApp video calls can now host up to eight people instead of four. News of Facebook's new video foray sent Zoom shares tumbling 4% in late-afternoon trading Friday. https://www.marketwatch.com/story/f...-microsoft-teams-2020-04-24?mod=mw_latestnews
https://www.fnlondon.com/articles/b...tch-ends-up-on-youtube-20200424?mod=home-page Banks shun Zoom: ‘Imagine if my pitch ends up on YouTube’ Banks including Citigroup, JPMorgan and UBS have curbed or banned use of the video conferencing app amid security worries By Paul Clarke April 24, 2020 5:23 pm GMT A growing list of the world’s largest investment banks are joining the backlash against Zoom, limiting or outright banning staff from using the video conferencing app over fears about security and compliance. Bank of America, BNP Paribas, Citigroup, Deutsche Bank, JPMorgan, Standard Chartered and UBS have all advised their employees to use alternative video conferencing tools for client communication, according to people familiar with the matter. The previously little-known conferencing tool shot to fame as an early winner as the coronavirus spread and more employees worked from home, with corporations hosting everything from internal meetings to virtual tea breaks on Zoom. Then the backlash came. German carmaker Daimler and Elon Musk’s SpaceX were among large companies that banned employees from using Zoom for corporate purposes. People familiar with the matter told Financial News that investment bankers, already under the watchful eye of compliance departments and forced to conduct deals from home via video conference, have largely been advised against using the tool. At Citigroup, joining or hosting Zoom calls on personal accounts is “prohibited due to security concerns”, according to internal guidelines, but staff are permitted to use clients’ corporate accounts. Employees are instead encouraged to use its internal system. JPMorgan largely uses rival app BlueJeans for external meetings, but staff can use Zoom if calls do not need to be recorded. Bankers at Deutsche and BNP Paribas have shied away from the app because of privacy and regulatory issues, dealmakers said. 
UBS has encouraged bankers to use alternatives, including Skype, but allows staff to use Zoom if a client requests it, a person familiar with the matter said. Deutsche bankers are required to use Skype for any client video calls, according to a person familiar with the matter. Bankers contacted by FN said that they were concerned by both the security of Zoom and the regulatory need to record market-sensitive calls. “If one of our pitches gets Zoombombed and ends up on YouTube, you’ve got a real regulatory issue,” said one senior banker. A Zoom spokesman said: “Major financial institutions around the globe are continuing to use Zoom to keep their trading operations running and to continue their important work with their clients and colleagues on a daily basis – they are playing a crucial role in the continued functioning of the global economy, and we are proud to be helping these customers maintain business continuity in this challenging and unprecedented time.” Some banks continue to use Zoom for both internal and external calls. Goldman Sachs bankers still use Zoom, but the company has disabled its chat function and installed passwords to bolster security, according to a person familiar with the matter. Morgan Stanley uses the app for both internal meetings and client calls, but has customised the software to meet its security criteria, according to a person familiar with the matter. Meanwhile, HSBC workers use Zoom for both internal and external meetings. A spokesman said: “As part of our due diligence, HSBC is continuously working with colleagues to ensure Zoom continues to be a safe and secure tool for use at HSBC, both internally and for meetings with customers.” Demand for the Zoom app has exploded since the Covid-19 lockdowns, with user numbers hitting 300 million over the past three weeks, according to disclosures from the company this week, which is an increase of 50%. 
The company gave the update as part of its 90-day plan to address security issues that have arisen since its growth in popularity. Measures it is taking include new encryption to fend off so-called ‘Zoombombing’, where uninvited guests crash meetings. While global stock markets have slumped in the wake of the coronavirus pandemic, Zoom’s share price has surged 135% since the beginning of this year. “[Zoom is] still a daily thing [at our bank],” said one trader at a large investment bank. “But some clients are saying they can’t use it. Its days are numbered [at the firm]”, they said. Some asset managers have also banned staff from using Zoom. A fund manager at one London company said his compliance department told staff earlier this month that Zoom was not allowed. The compliance officers instructed employees to switch to a product made by London startup LoopUp instead.
https://www.smh.com.au/business/sma...accessed-rivals-meetings-20200428-p54nv8.html Zoom facing fresh security concerns amid claims FT journo accessed rivals' meetings Security experts are warning businesses that meetings conducted via video conferencing service Zoom could be vulnerable to infiltration by competitors after an Australian journalist reportedly gained access to internal meetings at rival publications. UK-based Australian journalist Mark Di Stefano was reportedly suspended from the Financial Times newspaper after being accused of listening in to sensitive Zoom meetings at rival publications The Independent and the Evening Standard in London. The accusations have not been proven, and it is not known how Mr Di Stefano is said to have gained access to the meetings or what his intention was said to be. David Tuffley, senior lecturer in information and communication technology at Griffith University, warned there is evidence offshore of businesses getting hold of Zoom meeting links and logging in to meetings of competitors to collect information. "I haven't seen this in Australia but there is potential there for it to be a criminal activity," he said. "These urls are valuable and if people can buy them through nefarious means there is potential for a black market for these things to spring up. 4Chan or the dark web would be forums where these could be sold." It is not suggested Mr Di Stefano gained access to the meeting through these means. Dr Ritesh Chugh, discipline lead in information systems and analysis at Central Queensland University, said Zoom users need to be alert to the risks of infiltration and take advantage of the service's security settings. "Users need to be aware of the security and privacy settings, the settings are underutilised," he said. 
"We tend to focus on the problem without understanding that the solution is there." Mr Di Stefano did not respond to requests for comment. According to The Independent, the Zoom meetings he joined involved discussions about job cuts which he reported on for the Financial Times. Zoom's video conferencing platform has surged in popularity during the coronavirus pandemic with employees around the world working remotely. But until last week the default setting on the service was for open meetings that did not require a password, enabling unwanted attendees to join meetings or 'Zoom bomb'. Zoom's Australian customers include NAB, Atlassian and REA Group and the company is booming with its valuation soaring to $US45 billion ($75 billion). However the Australian Defence Department has banned usage of the service due to fears about security vulnerabilities. Susie Jones, founder of cyber fitness startup Cynch Security, said some of her small business clients have been the victims of 'Zoom bombings', however these do not appear to have been malicious in nature or designed to infiltrate competitors' meetings. "Two clients had general meetings Zoom bombed but they were more casual conversations rather than confidential conversations," she says. "I had one myself on a Sunday evening, we all logged in and within a few minutes of joining the call an unknown user logged in and was sharing pornographic photos." Ms Jones said the issue for many users is they don't have any choice over which platform they are going to use for a virtual meeting or conversation as they are just sent a link and have to join. "The main concern for clients has been suspicion or general discomfort around regulators or government listening in to conversations rather than concern about competitors," she said. 
"People that host meetings should set up accounts with strong passwords and multi factor authentication and establish ground rules that there is not public access." Last week the video conferencing platform announced 'Zoom 5.0' which provided increased protection for meeting data and resistance against tampering including the default use of a password to join meetings and 'waiting rooms' where users have to wait to be admitted to meetings. "Zoom offers a number of built-in protections to help hosts protect their meetings, and we have recently made a series of updates to help hosts more easily access these features and avoid uninvited guests," a spokesperson for Zoom said. Sam Kroonenberg, the founder of technology company A Cloud Guru, said the use of Zoom by his business has spiked in the last month and he has not encountered any security issues. "We asked our entire employee base of 400 people to work from home pretty much overnight, and Zoom enabled that instantly," he said. "I'm personally not concerned about the security side of things - Zoom is upgrading its encryption again this month."