The United States Federal Trade Commission (FTC) is demanding that the Zoom video call application implement a more robust privacy and security program. According to the commission, Zoom has not delivered the end-to-end encryption it has promised since 2016. The company said it would “implement a more comprehensive security program”.
In a document published on Monday (09), the commission states that Zoom “deceived its users by offering 256-bit end-to-end encryption” when in reality it offers a lower level. Zoom also stores the keys to this encryption, which allows the company to access the content of the meetings and video calls made by its users, especially those stored on the company’s cloud services.
Zoom offers paying customers an option to store encrypted recordings of meetings and video calls in the tool’s own cloud. However, according to the commission, some recordings are stored unencrypted until they are transferred to a server where they are finally encrypted, and this process can take up to 60 days. This does not match the company’s security and privacy announcements, and it means that employees can access these meetings during this time.
The company will be under the supervision of the commission (subject to two assessments per year) for a specified period and must “assess and document potential security risks annually; implement a vulnerability management program; implement protections like multi-factor authentication to protect against unauthorized access to your network; institute data exclusion controls; and take steps to avoid using known compromised user credentials.”
In addition, Zoom should review all software updates for security holes to ensure that they are not harmful to its users. It is also prohibited from making false announcements about its data security and use practices (such as collecting, using, maintaining, disclosing and storing personal information).
The company had already been accused by the FTC of violating US law against unfair and deceptive business practices
The commission recalls the case of the ZoomOpener application for macOS, which was “secretly installed” on its users’ Macs in July 2018. According to the FTC, ZoomOpener “allows automatic startup [and without user authorization] of Zoom, bypassing the security protocols of the Safari browser”.
Without ZoomOpener, Safari asks for authorization to start the tool, but the app bypasses this process and allows Zoom to be secretly launched, “increasing the risk of remote video surveillance of users by strangers”, in addition to remaining on the machine even after uninstallation by the user. The company reports that it removed ZoomOpener with an update in July 2019.
Source: United States Federal Trade Commission (FTC).
See the original post at: https://thehack.com.br/zoom-e-acusado-de-mentir-sobre-criptografia-de-ponta-a-ponta-e-promete-melhorar-praticas-de-seguranca/?rand=48873