(Reuters) - Zoom Video Communications Inc (ZM.O) has tapped former Facebook security chief Alex Stamos as an adviser as safety and privacy concerns about its fast-growing video-conferencing app drive a global backlash against the company.
That backlash includes a move on Wednesday by Alphabet Inc’s (GOOGL.O) Google to ban the desktop version of Zoom from corporate laptops.
In a stark illustration of Zoom’s security issues, officials at Berkeley High School in California said they suspended use of the app after a “naked adult male using racial slurs” intruded on what the school said was a password-protected meeting on Zoom, according to a letter to parents seen by Reuters.
Taiwan and Germany have already put restrictions on Zoom’s use, while Elon Musk’s SpaceX has banned the app over security concerns. The company also faces a class-action lawsuit.
A Berkeley school district spokeswoman said it was possible a password had been shared, allowing the intrusion. But she added that the entire district was putting Zoom on pause for at least “a few days” to consider how to use and train for video-conferencing.
Coronavirus lockdowns have driven a surge in Zoom usage, even as concerns have grown over its lack of end-to-end encryption of meeting sessions, routing of traffic through China and “zoombombing,” when uninvited guests crash meetings.
Zoom shares were up 3.8% in late trade on Wednesday after shedding a third in value over the previous 10 days.
Zoom attracted users with its ease of use, as well as a free offering. Many schools around the world also started using it for online classes.
In a series of tweets here in late March, Stamos called on Zoom to be more transparent and roll out a 30-day security plan. That led to the platform's founder and Chief Executive Officer Eric Yuan asking him to weigh in as an outside consultant.
"Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I'm looking forward to working with Zoom's engineering teams on those projects," Stamos, now an adjunct professor at Stanford University, wrote in a blog post medium.com/@alexstamos/working-on-security-and-safety-with-zoom-2f61f197cb34 on Wednesday. Stamos said on Twitter he would be a paid consultant to Zoom.
Brent Stephens, superintendent of Berkeley Unified School District, told Reuters the teacher involved in the Zoom incident Tuesday had been trained on security measures and appeared to have used them. But an imposter gained access to the waiting room using a pseudonym close enough to a real name to trick the teacher, who removed the intruder and reported the incident.
Stephens said the district was now evaluating whether a competing product from Google, whose software the district uses for other functions, could prevent similar incidents in the future.
“Rather than shift from one platform to another, we wanted to take a pause,” Stephens said, “and not run the risk to student safety.”
On Wednesday, Google said it was taking Zoom off workers’ computers because of security concerns. A Google spokesman said employees could still use the mobile and browser-based versions of Zoom.
To address security concerns, Zoom has embarked on a 90-day plan here and has formed a CISO Council, which includes chief information security officers of HSBC (HSBA.L), NTT Data (9613.T), Procore PCOR.N and Ellie Mae, to discuss about privacy, security and technology issues.
Reporting by Akanksha Rana and Supantha Mukherjee in Bengaluru, Stephen Nellis in San Francisco; Additional reporting to Raphael Satter in Washington; Editing by Peter Henderson, Marguerita Choy abd Tom Brown