Zoom rolls out new measures as security fears mount

Videoconferencing platform Zoom is rolling out a number of measures meant to stem criticism over how it has handled security as users flock to the application during the coronavirus pandemic.

Zoom chief executive Eric Yuan laid out steps Wednesday that the company is taking against problems such as data hacking and harassment by individuals who crash sessions in what is referred to as "Zoombombing."

By week's end, paid account holders will be able to select which regions their data is routed through during their sessions in a move apparently aimed at concerns over information passing through China where it might be subject to snooping.

"As a reminder, meeting servers in China have always been geofenced with the goal of ensuring that meeting data of users outside of China stays outside of China," Zoom said in an online post.

The Silicon Valley startup also said that it is working with cyber-security firm Luta Security to overhaul processes and its "bug bounty" program that pays rewards to researchers who find security flaws in its operations.

Zoom also addressed a recent report that users' log-in information was being sold by criminals on the "dark web."

The credentials were likely stolen elsewhere on the internet, or by malicious code slipped into people's computers, according to Zoom advisor Alex Stamos, former chief of security at Facebook.

It is not uncommon for hackers to take passwords and account names pilfered in data breaches and then check whether people use them for other online services.

Zoom said it is building systems to "detect whether people are trying out username and password pairings and block them from trying again."

Improvements to Zoom security also include a toolbar to easily access features such as locking chats from strangers and making meeting password requirements a default setting.

"To successfully scale a video-heavy platform to such a size with no appreciable downtime and in the space of weeks is literally unprecedented in the history of the internet," Stamos said in a post.

"The related security challenges are fascinating."

India this week banned the use of Zoom for government remote meetings, saying it "is not a safe platform."

The New York school system has also banned the videoconferencing platform based on security concerns.

Prosecutors from several US states are meanwhile investigating the company's privacy and security practices, and the FBI has warned of Zoom sessions being hijacked.

According to Yuan, the number of people taking part in Zoom meetings daily eclipsed 200 million in March, up from just 10 million at the end of last year.