(Adds details from Berkeley school district incident, details
on Stamos pay)
By Supantha Mukherjee, Akanksha Rana and Stephen Nellis
April 8 (Reuters) - Zoom Video Communications Inc has
tapped former Facebook security chief Alex Stamos as an adviser
as safety and privacy concerns about its fast-growing
video-conferencing app drive a global backlash against the
company.
That backlash includes a move on Wednesday by Alphabet Inc's
Google to ban the desktop version of Zoom from
corporate laptops.
In a stark illustration of Zoom's security issues,
officials at Berkeley High School in California said they
suspended use of the app after a "naked adult male using racial
slurs" intruded on what the school said was a password-protected
meeting on Zoom, according to a letter to parents seen by
Reuters.
Taiwan and Germany have already put restrictions on Zoom's
use, while Elon Musk's SpaceX has banned the app over security
concerns. The company also faces a class-action lawsuit.
A Berkeley school district spokeswoman said it was possible
a password had been shared, allowing the intrusion. But she
added that the entire district was putting Zoom on pause for at
least "a few days" to consider how to use and train for
video-conferencing.
Coronavirus lockdowns have driven a surge in Zoom usage,
even as concerns have grown over its lack of end-to-end
encryption of meeting sessions, routing of traffic through China
and "zoombombing," when uninvited guests crash meetings.
Zoom shares were up 3.8% in late trade on Wednesday after
shedding a third in value over the previous 10 days.
Zoom attracted users with its ease of use, as well as a free
offering. Many schools around the world also started using it
for online classes.
In a series of tweets https://twitter.com/alexstamos/status/1245197038083428352a
in late March, Stamos called on Zoom to be more transparent and
roll out a 30-day security plan. That led to the platform's
founder and Chief Executive Officer Eric Yuan asking him to
weigh in as an outside consultant.
"Zoom has some important work to do in core application
security, cryptographic design and infrastructure security, and
I'm looking forward to working with Zoom's engineering teams on
those projects," Stamos, now an adjunct professor at Stanford
University, wrote in a blog post https://medium.com/@alexstamos/working-on-security-and-safety-with-zoom-2f61f197cb34
on Wednesday. Stamos said on Twitter he would be a paid
consultant to Zoom.
Brent Stephens, superintendent of Berkeley Unified School
District, told Reuters the teacher involved in the Zoom incident
Tuesday had been trained on security measures and appeared to
have used them. But an imposter gained access to the waiting
room using a pseudonym close enough to a real name to trick the
teacher, who removed the intruder and reported the incident.
Stephens said the district was now evaluating whether a
competing product from Google, whose software the district uses
for other functions, could prevent similar incidents in the
future.
"Rather than shift from one platform to another, we wanted
to take a pause," Stephens said, "and not run the risk to
student safety."
On Wednesday, Google said it was taking Zoom off workers'
computers because of security concerns. A Google spokesman said
employees could still use the mobile and browser-based versions
of Zoom.
To address security concerns, Zoom has embarked on a 90-day
plan https://blog.zoom.us/wordpress/2020/04/08/update-on-zoom-90-day-plan-to-bolster-key-privacy-and-security-initiatives
and has formed a CISO Council, which includes chief information
security officers of HSBC, NTT Data, Procore
and Ellie Mae, to discuss about privacy, security and
technology issues.
It has also set up a board to advise Yuan on privacy issues.
The initial members include executives from VMware,
Netflix, Uber and Electronic Arts.
Zoom, which competes with Microsoft's Teams and
Cisco's Webex, has seen daily users jump to 200 million
from 10 million and the stock surged to a record high in March.
(Reporting by Akanksha Rana and Supantha Mukherjee in
Bengaluru, Stephen Nellis in San Francisco; Additional reporting
to Raphael Satter in Washington; Editing by Peter Henderson,
Marguerita Choy abd Tom Brown)