Coronavirus-driven Zoom's privacy questioned as 'Zoombombing' escalates

Some Zoom users have reported a new trend called 'Zoombombing' when internet trolls disrupt Zoom meetings

Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.

New York Attorney General Letitia James on Monday sent a letter to video conferencing app Zoom asking about its data privacy and security practices, her office confirmed to FOX Business.

Zoom has seen skyrocketing downloads since more people are working from home amid the novel coronavirus outbreak.

The New York Times obtained a copy of the letter, which called Zoom "an essential and valuable communications platform" but mentioned several security concerns she has with the app, including a vulnerability "that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams."

Zoom video meeting/ Zoom

Zoom did not immediately respond to an inquiry from FOX Business.

The conferencing app told the Times that it takes its "users’ privacy, security and trust extremely seriously," and had been "working around the clock to ensure that hospitals, universities, schools and other businesses across the world can stay connected and operational."

HOW TO HOST SECURE ZOOM MEETINGS WHILE WORKING FROM HOME

Some Zoom users have reported a new trend called "Zoombombing," which is when internet trolls join and disrupt Zoom meetings with inappropriate and sometimes even violent comments or pictures on professional conferences.

Ticker Security Last Change Change %
ZM ZOOM VIDEO COMMUNICATIONS INC. 66.23 +0.27 +0.41%

The FBI sent out an alert on Zoombombing Monday and gave two examples of classroom Zoom sessions in which attackers yelled profanity and showed images of Swastikas. 

"Attackers want to hit the largest population possible," Mark Ostrowski, security evangelist at cybersecurity company Check Point Research, told FOX Business. He says that's why people are suddenly seeing a spike in attacks on platforms like Zoom, Microsoft Teams, Cisco WebEx and more.

Just last week, Chipotle had to end a public Zoom call with hundreds of attendees becuase a Zoombomber infected the conference with pornography, the Times reported. 

A recent Ph.D. graduate, Ceri Weber, said on Twitter that her Ph.D. defense, which took place on Zoom Meetings, was interrupted by Zoombombers that were "harmless at first, but they became increasingly vile" and threatening.

"It was scary for me and all participants," Weber tweeted.

She said the trolls had bypassed multiple attempts by her "response team" to improve security on the call, which included attempts to block sharing, participant microphone use and re-entry of removed users, as well as attempts to control who could come in and out of the meeting.

Finally, she said, her response team made it impossible for any new participants to join the meeting and continued to diligently police participants who bypassed the block and tried to enter the conference, which seemed to do the trick. 

AMID CORONAVIRUS, ZOOM SEEING UNPRECEDENTED DEMAND

While Ostrowski could not comment on how the bad actors in Weber's Zoombombing incident were able to get through her response team's blocks, he said that most Zoombombing instances appear to happen when meetings don't have proper protections in place from the outset.

"It's like locking the door to your conference room so nobody else can get in," he said, adding that "good remote-working hygiene" in general should include putting passwords on meetings, creating a meeting ID and making sure only the host can share material, which is possible when creating Zoom conference calls, but Zoom meeting calls do not have the same options.

Stories like Weber's have escalated on social media in recent weeks, and it isn't the first time Zoom has come under fire for vulnerabilities in its technology that allow people to listen in on calls. A number of universities have sent out noticed alerting students and faculty of the issue before they become victims.

The app updated its security in September after Check Point in January 2019 discovered vulnerabilities that could have allowed strangers to eavesdrop on conversations.

Check Point revealed that the eavesdropping hack that impacted "scores" of Zoom meetings left the app vulnerable to bad actors who could have "easily" created and verified their own Zoom Meeting IDs to eavesdrop on victims' meetings. Hackers had access to all audio, video and documents shared throughout these video meetings, Check Point found.

CORONAVIRUS ACCELERATES STREAMING FITNESS CLASS INDUSTRY

Ostrowski believes there will be more cyberattack attempts on collaboration platforms like Zoom as bad actors turn to these platforms with high usage amid the COVID-19 outbreak. 

He added, however, that he thinks "we're going to see a lot of developments" in apps like Zoom as they work to fix the vulnerabilities that allow bad actors to infiltrate meetings and bypass security placements.

The conference-call company is also facing another privacy issue.

A person working on a laptop in North Andover, Mass. (AP Photo/Elise Amendola, File)

One Zoom user, Robert Cullen, sued Zoom on behalf of himself and other affected customers for sharing information with Facebook, which violated California privacy laws, Bloomberg first reported Monday.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

"Zoom ... has failed to properly safeguard the personal information of the increasing millions of users of its software app and video conferencing platform. Upon installing or upon each opening of the Zoom app, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, invading the privacy of millions of users," the lawsuit reads.

After being informed about the issue, Zoom issued a statement disputing the accusation that it sent personal information to Facebook and said it had sent information about user devices to the social media site. It also said it made updates to the app to ensure that it does not happen in the future, according to Vox's tech magazine, Motherboard.

The lawsuit, however, states that Zoom has still not taken enough action to get rid of the problem.

CLICK HERE TO READ MORE ON FOX BUSINESS

This post contains material from a previous FOX Business article