Zoom must adhere to strict security standards to satisfy an agreement with the Federal Trade Commission, the commission announced Monday.
The video conferencing company and an omnipresent fixture of the COVID-19 lockdowns has had a string of security controversies dating back to last year, including services it advertised, but did not offer. In May, it was discovered the app was not end-to-end encrypted as advertised. Other discoveries included video recordings not being immediately encrypted and, between 2018 and 2019, installation of a "ZoomOpener" webserver module on Macs that bypassed Apple's security.
The agreement between the FTC and Zoom will soon be published in the Federal Register before undergoing a 30-day public comment period. As it currently stands, Zoom agrees not to mislead the public about security features and regularly audit its security in a variety of ways. It also agrees to follow standardized processes for video file naming, personal data deletion, and investigating security events.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.