Zoom Video Communications has tapped former Facebook security chief Alex Stamos as an adviser as safety and privacy concerns about its fast-growing video-conferencing app drive a global backlash against the company.
In a stark illustration of Zoom’s security issues, officials at Berkeley High School in California said they suspended use of the app after a “naked adult male using racial slurs” intruded on what the school said was a password-protected meeting on Zoom, according to a letter to parents seen by Reuters.
Taiwan and Germany have already put restrictions on Zoom’s use, while Elon Musk’s SpaceX has banned the app over security concerns. The company also faces a class-action lawsuit.
A Berkeley school district spokeswoman said it was possible a password had been shared, allowing the intrusion. But she added that the entire district was putting Zoom on pause for at least “a few days” to consider how to use and train for video-conferencing.
Coronavirus lockdowns have driven a surge in Zoom usage, even as concerns have grown over its lack of end-to-end encryption of meeting sessions, routing of traffic through China and “zoombombing,” when uninvited guests crash meetings.
Zoom shares were up 3.8 percent in late trade on Wednesday after shedding a third in value over the previous 10 days.
Zoom attracted users with its ease of use, as well as a free offering. Many schools around the world also started using it for online classes.
In a series of tweets in late March, Stamos called on Zoom to be more transparent and roll out a 30-day security plan. That led to the platform’s founder and Chief Executive Officer Eric Yuan asking him to weigh in as an outside consultant.
“Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects,” Stamos, now an adjunct professor at Stanford University, wrote in a blog post on Wednesday. Stamos said on Twitter he would be a paid consultant to Zoom.
Brent Stephens, superintendent of Berkeley Unified School District, told Reuters the teacher involved in the Zoom incident Tuesday had been trained on security measures and appeared to have used them. But an imposter gained access to the waiting room using a pseudonym close enough to a real name to trick the teacher, who removed the intruder and reported the incident.
Stephens said the district was now evaluating whether a competing product from Google, whose software the district uses for other functions, could prevent similar incidents in the future.
“Rather than shift from one platform to another, we wanted to take a pause,” Stephens said, “and not run the risk to student safety.”
On Wednesday, Google said it was taking Zoom off workers’ computers because of security concerns. A Google spokesman said employees could still use the mobile and browser-based versions of Zoom.
To address security concerns, Zoom has embarked on a 90-day plan and has formed a CISO Council, which includes chief information security officers of HSBC, NTT Data, Procore and Ellie Mae, to discuss about privacy, security and technology issues.
It has also set up a board to advise Yuan on privacy issues. The initial members include executives from VMware, Netflix, Uber, and Electronic Arts.
Zoom, which competes with Microsoft’s Teams and Cisco’s Webex, has seen daily users jump to 200 million from 10 million and the stock surged to a record high in March.