The US-based company's video conferencing service has surged in popularity since March, becoming the go-to option for millions of people forced to work and socialise from home amid the Coronavirus pandemic. But the newfound popularity has led to increased scrutiny on some of the service's existing issues, new use cases the company never predicted, and brand new problems owing to unexpected stress on the technology.
Dr Ritesh Chugh, discipline lead in information systems and analysis at Central Queensland University, warned the sudden influx of new Zoom users has not only resulted in poor security practices — such as the posting of meeting details on social media or failing to use privacy settings — but also exposed existing flaws in the service.
"There is no doubt as the number of users have increased rapidly these issues have come to the forefront ... and Zoom has to ramp up the privacy and security it offers its users," he said.
"For organisations like SpaceX and NASA to discontinue the use of Zoom speaks volumes in itself but users also need to ramp up their privacy settings, and ensure a safe virtual environment for everyone."
One of the most visible side effects of Zoom's popularity has been the rise of "Zoom bombers", or gatecrashers who show up unexpectedly in video conferences. Some have reportedly invaded chats to abuse users, insert pornographic content or share malicious files, while comedian Hamish Blake has been encouraging users to secretly forward him meeting details so he could surprise participants.
Over the weekend the University of Toronto's Citizen Lab published research critical of many of Zoom's security features, which it said were designed to remove friction from the video conferencing experience at the potential expense of confidentiality. Though Zoom's ease of use may have made it attractive to its many new users, Citizen Lab warns it may not be suitable for users requiring privacy such as governments, health care providers, activists, lawyers and journalists.
On Monday The Australian reported the Australian Defence Force had barred its employees from using the service while working from home.
One of Citizen Lab's chief concerns was Zoom's custom encryption methods, which it says have "significant weaknesses". While Zoom had previously claimed to use "end to end encryption", implying that interception of a call between two parties was mathematically impossible, Citizen Lab found the keys could in fact be intercepted in some scenarios.
The researchers also found that some data from their test calls — including encryption keys — was routed through Chinese servers. Since Zoom has hundreds of developers in China making its software, the researchers suggested the company could be susceptible to pressure from the country's government to facilitate spying.
Zoom CEO Eric Yuan said in a response that the routing through China was an error caused by the company's haste to add more capacity as demand grew. Ordinarily data may move to other regions during times of extremely high traffic, but China is supposed to be "geo-fenced" so that data from non-Chinese users does not go there. He says the error was corrected on April 2.
Before the Citizen Lab report, in a blog post on April 1, Zoom apologised for incorrectly suggesting its product utilised end-to-end encryption. Mr Yuan also posted a message to users on that day explaining the challenges of immediate growth, including the need to ensure "we provide the proper training, tools, and support to help [users] understand their own account features and how best to use the platform".
Tim is the editor of The Age and Sydney Morning Herald technology sections.