X

Zoom agrees to implement more security for video calls under FTC settlement

Zoom deceived customers about how secure its video calling app was, the FTC alleges.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News, mobile, broadband, 5G, home tech, streaming services, entertainment, AI, policy, business, politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
See full bio
Corinne Reichert
2 min read
zoom-logo-apple-iphone-11-3436

Zoom has agreed to ramp up its security.

 Angela Lang/CNET

Zoom has agreed to implement better security for its video calling platform under a settlement with the US Federal Trade Commission. The company "deceived users" by claiming to had end-to-end 256-bit encryption , the FTC alleged in its complaint.

"In reality, the FTC alleges, Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised," the FTC said.

It also allegedly stored some recorded meetings unencrypted on its servers for up to 60 days.

Zoom's security issues came to light when working from home became the norm under coronavirus lockdowns and restrictions. According to the FTC, its user base increased from 10 million in December last year to 300 million in April. But with "zoombombings" becoming more frequent, the video meeting company came under pressure to secure users' connections.

"During the pandemic, practically everyone -- families, schools, social groups, businesses -- is using videoconferencing to communicate, making the security of these platforms more critical than ever," Andrew Smith, FTC's director of Consumer Protection, said in a statement. "This action will help to make sure that Zoom meetings and data about Zoom users are protected."

As a result of its issues, Zoom bought a security company in May and rolled out end-to-end encryption for calls last month.  

Read more: How to use Zoom like a pro: 15 video chat tips and tricks to try now

The FTC's complaint also alleged Zoom "secretly installed software" called ZoomOpener, which allowed computers to launch the app without permission from the user. This in turn "increased users' risk of remote video surveillance by strangers," it's alleged.

Zoom didn't admit or deny the allegations in the settlement, but agreed to implement a new mandated information security program within 60 days. It must also use more secure safeguards like multi-factor authentication and data deletion; document potential risks annually and ways to mitigate those risks; and implement a vulnerability management program. The video-calling company also agreed not to make misrepresentations about privacy, security and data usage. Independent security audits are required every other year.

Zoom said security "is a top priority," and it had already begun implementing a number of the recommendations.

"We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis," a Zoom spokesperson told CNET in an emailed statement. "Today's resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience."