Thousands of companies adopted remote work because of the pandemic, which led to a notable increase in the use of video calling tools such as Zoom. Malicious hackers, and even some pranksters, have exploited this to carry out an attack variant known as “zoom-bombing”, which consists of breaking into private video call sessions and interrupting the activity of public and private organizations.
These attacks have finally brought consequences for Zoom, which will have to pay $85 million USD as part of a settlement following the class action lawsuit filed by multiple users, including individuals and organizations. In addition to paying the compensation in cash, Zoom also pledged to implement some changes to its business practices.
According to a report, the plaintiffs claim that the company’s security practices and measures have allowed constant violations of their privacy and security. For example, in an incident reported two years ago, St. Paul’s Lutheran Church in San Francisco was hosting a Bible study class in which most of the participants were elderly; shortly after the video call started, the platform allegedly allowed an intruder to take control of the session.
“The attackers hijacked computer screens and disabled control buttons while forcing users to watch pornographic videos,” the plaintiffs claim. The organizer was unable to regain control of the session, so he asked participants to leave and re-enter the call, although this did not keep the intruder out.
Zoom-bombing isn’t the only problem the platform faces. The plaintiffs also claim that Zoom has illegally shared data with third parties such as Google, LinkedIn and Facebook, intentionally manipulating its end-to-end encryption protocols.
Zoom agreed to implement dozens of changes to its business practices, hoping that these changes will have a significant impact on strengthening security in Zoom sessions, in addition to reviewing its data protection methods to prevent unwanted leaks.
Mark Molumphy, one of Zoom’s lawyers, considers this to be an innovative arrangement, adding that the platform will implement improved security practices in the future, ensuring that users are fully protected.