Taiwan has banned the use of Zoom in any official government capacity, amid mounting security concerns with the newly popular video conferencing app. In announcing the ban, the Taiwanese government provided only an abstract rationale: that the app might have security flaws. In its stead, Taiwan has recommended using video solutions from Google or Microsoft.
This is the widest ban Zoom has seen thus far. Elon Musk’s SpaceX barred its employees from using the service in late March, citing “significant privacy and security concerns.” Earlier this week, New York City banned its public schools from using Zoom for virtual teaching and other meetings for similar reasons.
Many experts have raised concerns over Zoom’s cybersecurity risks and the company’s lack of transparency in how it handles data. Zoom has seen a huge boom in new users due to self-isolation measures being taken to fight COVID-19. But ongoing security concerns with the software could prove to be a massive hurdle if the company does not take more action soon.
Looping back to China — Taiwan’s concerns go beyond the security concerns raised by many in the tech industry. Taiwan is worried about Zoom’s roots, which lead back to China. Zoom sends at least some of its data through servers based in China, and the company uses many developers there, too, according to a recent report from think tank Citizen Lab.
China also presents and issue of national security for Taiwan. Beijing has threatened to invade Taiwan if it ever plans to make its independence official, despite Taiwan’s views of itself as an independent nation. So it’s no surprise Taiwan doesn’t want official government chatter passing through Zoom’s servers.
But is Zoom really that compromised? — The past few weeks have been tumultuous for Zoom. As the company’s video conferencing software has soared in popularity, Zoom has become subject to increased scrutiny — and rightfully so, given what experts have found thus far.
Here’s just a short list of security concerns that have been raised over Zoom in the past two months: video chats have been left open to random hackers; the app’s attention-tracking feature has been shown to bypass browser security; its iOS app was found to share data with Facebook, even if users didn’t have an account; a vulnerability was shown to reveal users’ Windows login information; and, its encryption has been proven inconsistent, with the company often inflating claims of security.
So yes: Zoom is positively teeming with security flaws. The company’s CEO recently stated that Zoom is actively looking into security reports and making changes to the software over the next three months rather than adding new features. But it’s very difficult to tell just how far-reaching those changes will be.
And how can we trust that Zoom’s changes will actually improve the app’s security, when the company’s messaging about it has been so opaque and every few days a new problem comes to light?