Zoom, a highly popular video conferencing app, is proving to have lots of huge privacy and security issues that even the FBI has issued a stern warning.

The Federal Bureau of Investigation (FBI) has warned that teleconference hijacking was on the rise since March 30.

Horror stories on Zoom

Dennis Johnson, a postgraduate student, became a victim of online harassment on Zoom after intruders hijacked his doctoral dissertation and posted hate speech as well as pornographic images while using the video-conferencing application.

The event, known as “zoombombing,” happened with around 40 people in attendance, which included his friends, family, classmates, and his dissertation community.

Also, the video hijackers known as “zoombombers” have disrupted various meetings, social gatherings, and online classes from California to Texas, and even as far as New York, thus pointing out the severity of the attacks.

These scenarios show huge security flaws in the popular video-conferencing app, even as 200 million people used the app daily back in March.

Findings on Zoom’s problems, CEO acknowledges issues

New York Attorney General Letitia James has sent a letter asking the company to supply a description of “Zoom’s policy for obtaining and verifying consent in primary and secondary schools as well as a description of third parties who received data related to children,” among other things.

Furthermore, multiple researchers exposed various security vulnerabilities in Zoom’s systems, which include hackers being able to take over cameras and microphones in desktops, laptops, and mobile devices.

Finally, the tech site Motherboard reported earlier in March that Zoom has been sharing data with Facebook, even on its users who don’t use the social media platform. As a result, the company is now facing a class lawsuit.

New: Zoom pushes an update after we found the iOS app sending data to Facebook. They’ve now removed the code that was sending the data https://t.co/enXXVwpdQo — Joseph Cox (@josephfcox) March 27, 2020

For Zoom’s part, they said that they fixed the issues regarding the application and that they are doing everything they can to address the privacy issues surrounding the app.

Zoom’s CEO, Eric Yuan, released an official statement on the matter:

“We recognize that we have fallen short of the community’s – and our own – privacy and security expectations,” he wrote. “For that, I am deeply sorry, and I want to share what we are doing about it.”

We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better [Blog Post] https://t.co/tDcWxRIF2V by @ericsyuan — Zoom (@zoom_us) April 2, 2020

Zoom: lessons learned and mitigation

Zoom iterated in their statement that they have been implementing swift measures to address the privacy and security issues in question. Among them are the following:

Removing the Facebook SDK in their iOS client to prevent collecting unnecessary user data.

Updating their privacy policy for transparency and clarity of data collection measures.

Rolling out several user guides on how to set up secure virtual classrooms.

Encrypting their platform and utilizing virtual “waiting rooms” for meetings.