Zoom hires former Facebook security chief as Google bans desktop app

Reuters | Apr 8, 2020 at 7:47 PM

April 8 (Reuters) - Zoom Video Communications Inc has tapped former Facebook security chief Alex Stamos as an adviser to improve the privacy and security of its rapidly growing video-conferencing app amid a global backlash, including a move by Alphabet Inc's Google to ban the desktop version of Zoom from corporate laptops.

At about the same time, officials at California's Berkeley High School said they suspended the use of Zoom after a "naked adult male using racial slurs" intruded on what the school said was a password-protected meeting, according to a letter to parents seen by Reuters.

A school district spokeswoman said it was possible that a password had been shared, allowing the intrusion, but that the entire Berkeley school district was pausing for at least "a few days" Zoom to consider how to use and train for videoconferencing.

Coronavirus lockdowns led to surging use of Zoom this year, but in recent weeks concerns rose about the lack of end-to-end encryption of meeting sessions, routing of traffic through China and "zoombombing," where uninvited guests crashed meetings.

Zoom shares were up 3.8% in late trade on Wednesday. They had crashed by a third in the past 10 days.

Zoom attracted users with its ease of use, as well as free offering. Many schools around the world also started using it for online classes.

In a series of tweets https://twitter.com/alexstamos/status/1245197038083428352a in late March, Stamos called on Zoom to be more transparent and roll out a 30-day security plan. That led to a call from the platform's founder and chief executive officer, Eric Yuan, asking him to weigh in as an outside consultant.

"Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I'm looking forward to working with Zoom's engineering teams on those projects," Stamos, now an adjunct professor at Stanford University, wrote in a blog post https://medium.com/@alexstamos/working-on-security-and-safety-with-zoom-2f61f197cb34 on Wednesday.

Taiwan and Germany have put restrictions on its use, while Elon Musk's SpaceX has banned the app over security concerns. The company has also been slapped with a class-action lawsuit.

On Wednesday, Google, which has a competing product, said it was taking Zoom off workers' computers because of security concerns. A Google spokesman said that employees could still use the mobile and browser-based versions of Zoom.

"It would be in Zoom's best interests to conduct a full scale investigation into the security lapses and provide a report of whether or not the lapses led to an actual compromise," said Theresa Payton, a former White House Chief Information Officer and currently CEO of Fortalice Solutions.

To address the concerns, Zoom has embarked on a 90-day plan https://blog.zoom.us/wordpress/2020/04/08/update-on-zoom-90-day-plan-to-bolster-key-privacy-and-security-initiatives and has formed a CISO Council, which includes chief information security officers of HSBC, NTT Data, Procore and Ellie Mae, to discuss about privacy, security and technology issues.

It has also set up a board to advise CEO Yuan on privacy issues. The initial members include executives from VMware , Netflix, Uber and Electronic Arts .

"I would think, however, that whatever issues Mr Stamos and advisory board identify will take more than 90 days to fix, revise, or change in the network," said Summit Insights Group analyst Jonathan Kees.

Zoom, which competes with Microsoft's Teams and Cisco's Webex, has seen daily users jump to 200 million from 10 million and the stock surged to a record high in March.