David is a tech journalist who loves old-school adventure games, techno and the Beastie Boys. He's currently on the finance beat. David is a tech journalist who loves old-school adventure games, techno and the Beastie Boys. He's currently on the finance beat.
Zoom, the free conference calling app that’s found booming popularity amongst both users and stock traders during the coronavirus COVID-19 pandemic, has now drawn the attention of New York attorney general, Laetitia James.
James’ office sent the company a letter on Monday that requested the startup provide details of additional steps its taken to protect new users, which are especially important considering Zoom’s rough history with security flaws, the New York Times reports.
[Read: SEC halts $ZOOM after coronavirus traders confuse it for Zoom app]
“[Our office] is concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” said the letter.
“While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices,” it added.
Zoom not prepared for the responsibility of popularity
Coronavirus lockdownees across the world have turned to Zoom in a bid to keep workplaces running smoothly and stay social. User traffic is on the rise, and so is Zoom’s share price: Up over 140% this year.
Zoomers have hosted everything from weddings, yoga sessions, university lectures, concerts, to bar mitzvahs — but vulnerabilities have plagued the platform for quite some time.
Last year, a security researcher warned of a bug in Zoom’s Mac version that could’ve been exploited to lure users into meetings with their webcams turned on without their permission, among other things. The firm rolled out a fix, but only after a public interest research group filed a complaint with the Federal Trade Commission.
There’s also “Zoombombing,” the act of exploiting the app’s screen-sharing feature to hijack conference calls. TNW reported last week that a school in Norway had ditched Zoom as distance-learning tool after a naked man guessed a video call link and flashed a group of school kids.
In its letter, the New York AG office expressed concern that the app might also be offloading data consent requirements onto schools in a bid to circumvent state protections for students. Earlier this week, Zoom was revealed to be non-consensually sharing data with Facebook.
To address these concerns, James reportedly requested to be informed of Zoom’s policy for obtaining and verifying consent in primary and secondary schools, as well as details of third parties who had already received data pertaining to children.
Zoom so far says its school services are in line with the US’ federal laws, but let’s see if that tune changes with New York’s top lawyer is breathing down its neck.
Get the TNW newsletter
Get the most important tech news in your inbox each week.