By Supantha Mukherjee and Akanksha Rana
(Reuters) - Zoom Video Communications Inc has tapped former Facebook security chief Alex Stamos as an adviser and set up an advisory board to improve the privacy and security of its rapidly growing video-conferencing app amid a global backlash.
Millions of users flocked to Zoom's platform in the past few weeks, attracted by its ease of use, as coronavirus-led lockdowns forced people to work from home. Many schools around the world also started using its free offering for online classes.
That in turn attracted scrutiny of its platform and Zoom faced widespread criticism from users worried about the lack of end-to-end encryption of meeting sessions, routing of traffic through China and "zoombombing", where uninvited guests crashed meetings.
In a series of tweets in late March, Stamos called on Zoom to be more transparent and roll out a 30-day security plan.
This week is going to be a critical one for Zoom and $ZM shareholders.
— Alex Stamos (@alexstamos) April 1, 2020
This is going to get worse, as the entire infosec world descends on a spectacularly complicated product with lots of attack surface and some sketchy design trade-offs. An opportunity for a trust turn-around. https://t.co/jjcJS6eWrD
Following those tweets, Zoom Chief Executive Officer Eric Yuan called up Stamos, asking him to help the company build up its security, privacy and safety capabilities as an outside consultant.
"Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I'm looking forward to working with Zoom's engineering teams on those projects," Stamos, now an adjunct professor at Stanford University, wrote in a blog post https://medium.com/@alexstamos/working-on-security-and-safety-with-zoom-2f61f197cb34 on Wednesday.
Taiwan and Germany have put restrictions on its use, while Elon Musk's SpaceX has banned the app over security concerns. The company has also been slapped with a class-action lawsuit.
"It would be in Zoom's best interests to conduct a full scale investigation into the security lapses and provide a report of whether or not the lapses led to an actual compromise," said Theresa Payton, a former White House Chief Information Officer and currently CEO of Fortalice Solutions.
To address the concerns, Zoom has embarked on a 90-day plan https://blog.zoom.us/wordpress/2020/04/08/update-on-zoom-90-day-plan-to-bolster-key-privacy-and-security-initiatives and has formed a CISO Council, which includes chief information security officers of HSBC, NTT Data, Procore and Ellie Mae, to discuss about privacy, security and technology issues.
It has also set up a board to advise CEO Yuan on privacy issues. The initial members include executives from VMware, Netflix, Uber and Electronic Arts.
"I would think, however, that whatever issues Mr Stamos and advisory board identify will take more than 90 days to fix, revise, or change in the network," said Summit Insights Group analyst Jonathan Kees.
Zoom, which competes with Microsoft's Teams and Cisco's Webex, has seen daily users jump to 200 million from 10 million and the stock surged to a record high in March.
The recent concerns, however, have shaved 31% from the stock's March high of $164.94 through Tuesday's close. It was up 8% in early trading on Wednesday on the Nasdaq.
(Reporting by Akanksha Rana and Supantha Mukherjee in Bengaluru, Additional reporting to Raphael Satter in Washington; Editing by Sriraj Kalluvila and Saumyadeb Chakrabarty)
