The Federal Trade Commission (FTC) announced that it had reached a settlement with web conferencing company Zoom after the FTC alleged that Zoom misled its users by offering a false sense of security whereas they practice poor security measures. One of the features in question was the security issues in Zoom’s key encryption. In the FTC complaint, the agency states that Zoom falsely claimed it offered end-to-end 256-bit encryption in 2016 while it actually offered a lower level of encryption. The
FTC also reports that Zoom falsely claimed that recorded meetings stored in the cloud were encrypted, however, they were stored unencrypted for up to 60 days, posing a serious security risk to all customers. Other complaints detailed in the report include claims that Zoom secretly installed the ZoomOpener web server on its Mac desktop application in 2018. The settlement requires Zoom to implement a vulnerability/bug bounty program, document security risks annually, deploy multi-factor authentication and implement data deletion.
Read More: Zoom Settles with FTC After Charges it Misled Customers