Who has banned Zoom and why?
From Google to Taiwan, organisations large and small are dropping the videoconferencing software
There's a growing list of companies and organisations announcing bans on the popular videoconferencing app Zoom over security concerns.
A slew of businesses, organisations, and even countries, have banned the service after a litany of security flaws surfaced over the last few weeks. While the company and it's CEO Eric Yuan have scrambled to patch the issues, its reputation is sinking fast.
Part of the problem is that the company, like the rest of the world, didn't expect a global pandemic to force us all indoors. As such, videoconferencing services have become vital components of this new way of life, and Zoom is now one of the most popular. The app is simple to use and has a freemium option, which has seen a fairly big spike in enterprise usage – which is where the security issues are proving most concerning.
The two security issues that seem most concerning to businesses are 'Zoom-bombing' and the lack of end-to-end encryption.
Google has reportedly issued a company-wide memo telling employees who have the Zoom app on their work laptops that it will no longer work, although they can still use it on mobiles for personal use, according to an internal email leaked on 8 April.
The tech giant hasn't specified why this decision was made, merely citing "security issues", according to reports.
As the coronavirus became a pandemic in March, and more of the world dived into remote working, the FBI sent out a warning about hackers invading and disrupting video conference calls.
Zoom was one of the companies singled out by the Bureau, which said that reports had come in from around the country of hackers hijacking meetings and using them to spread hate speech and pornographic images.
A couple of days after the FBI's warning, reports suggested that Elon Musk had banned SpaceX employees from using the software.
It's currently unclear if this ban extends to Musk's other companies, such as Tesla. 'Zoom-bombing' is thought to be the main reason for the company-wide ban.
The Ministry of Defence
The UK's Ministry of Defence (MoD) is also said to be anti-Zoom, following reports on 27 March suggesting the agency had advised government departments against its use.
However, it seems the message hasn't been communicated as Prime Minister Boris Johnson recently revealed on Twitter that his cabinet has been using Zoom for meetings – with the ID of that meeting also unwittingly revealed in a photo.
The US Senate & Germany's Foreign Office
Given that Zoom is a Chinese company, its lack of end-to-end encryption hasn't gone down well in the Western world. Like Google and SpaceX, the US Senate is said to have told its members to avoid using the app, according to reports on 9 April.
There are reports that the German government have placed restrictions on the software being used on fixed-connection computers.
According to Reuters, a memo to employees said: "Based on media reports and our own findings, we have concluded that Zoom's software has critical weaknesses and serious security and data protection problems".
Taiwan is the first country to completely ban the service, blocking its public sector bodies from using it. The software platform falls under the nation's Cyber Security Management Act, ushered in last year, that bans organisations using services that have been "associated with security issues".
With the issues continuing to surface, Zoom has promised to become more security-focused – it has already hired Facebook's former chief security officer Alex Stamos – but it will need to work quickly as its client list, stock and reputation are all in free fall.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now