Zoom CEO acknowledges security ‘missteps’, says impact of calls routed through China was ‘minor’
- ‘What I can promise you is that we take these issues very, very seriously,’ Zoom CEO Eric Yuan says
- The video conferencing app has seen a surge of users staying home due to the coronavirus pandemic, but also a backlash over security and privacy issues
The CEO of Zoom Video Technologies acknowledged in a live-streamed broadcast on Wednesday that the company had made “missteps” in handling a surge of new users staying home during the coronavirus pandemic, leading to problems such as routing of traffic through China and “Zoombombing”, when uninvited guests crash meetings.
Zoom’s popular video conferencing app was built primarily for enterprise and business customers, but people have been using it in unexpected ways in the past few weeks including live-streamed classes, virtual happy hours and even online weddings, Zoom founder and chief executive Eric Yuan said in the live broadcast on YouTube.
“Clearly we have a lot of work to do to ensure the security of all these new consumer use cases,” Yuan said. “But what I can promise you is that we take these issues very, very seriously. We’re looking into each and every one of them. If we find an issue, we’ll acknowledge it and we’ll fix it.”
Nonetheless, the Chinese-born American CEO maintained that the app is safe to use: “I can tell you – Zoom is absolutely safe compared to our peers,” he said. “We have never sold user data in the past and we have no intention to do it.”
Zoom is also preparing a transparency report and will conduct a full security review with third-party experts and researchers, said Yuan on Wednesday.
In the broadcast, Yuan also specifically addressed a Citizen Lab report last week about meeting data being routed through servers in China, saying he believed the impact was “very minor”.
Last Friday, the same day the Citizen Lab report was published, Yuan published a blog post explaining how the issue occurred.
Zoom clients normally attempt to connect to a series of primary data centres in or near a user’s region, he wrote, but if multiple connection attempts fail due to network congestion or other issues, they are rerouted to two secondary data centres listed as potential backup bridges to the Zoom platform.
Typically, Zoom’s two Chinese data centres are excluded from the secondary options for users outside the country, but due to a mistake they were whitelisted and allowed non-Chinese clients to route traffic through them when some users’ primary servers were unavailable, Yuan said in the post.
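The failure mode described above, as an added example that is not from the article or from Zoom: a failover picker that trusts its backup list routes out of region when the list is wrong, while a selection-time geofence check and a config audit both catch the bad entry. All data-centre names, regions and policy tables here are constructed assumptions.

```python
# Constructed topology: data-centre name -> region (illustrative only).
DATA_CENTRES = {
    "us-east": "US", "us-west": "US",
    "eu-fra": "EU", "eu-ams": "EU",
    "cn-a": "CN", "cn-b": "CN",
}
# Geofence policy: data-centre regions a client region may be routed to.
ALLOWED_REGIONS = {"US": {"US", "EU"}, "EU": {"EU", "US"}}

PRIMARIES = {"US": ["us-east", "us-west"], "EU": ["eu-fra", "eu-ams"]}
# Two secondary (backup) data centres per client region.
GOOD_BACKUPS = {"US": ["eu-fra", "eu-ams"], "EU": ["us-east", "us-west"]}
# Same list with one out-of-region entry mistakenly allowed for US clients.
BAD_BACKUPS = {"US": ["eu-fra", "cn-a"], "EU": ["us-east", "us-west"]}


def audit_backups(backups, centres=DATA_CENTRES, policy=ALLOWED_REGIONS):
    """Return sorted (client_region, data_centre) pairs that break the geofence."""
    violations = []
    for client_region, names in backups.items():
        for name in names:
            if centres[name] not in policy[client_region]:
                violations.append((client_region, name))
    return sorted(violations)


def pick_server(client_region, backups, is_up, enforce=True,
                centres=DATA_CENTRES, policy=ALLOWED_REGIONS):
    """Try primaries, then backups, and return the first reachable one.

    With enforce=True the geofence is re-checked at selection time, so a
    bad backup entry fails closed (None) instead of routing out of region.
    With enforce=False the picker trusts the list, as in the reported flaw.
    """
    for name in PRIMARIES[client_region] + backups[client_region]:
        if enforce and centres[name] not in policy[client_region]:
            continue
        if is_up(name):
            return name
    return None


if __name__ == "__main__":
    down = {"us-east", "us-west", "eu-fra"}  # constructed outage
    up = lambda name: name not in down
    print("audit:", audit_backups(BAD_BACKUPS))
    print("trusting list:", pick_server("US", BAD_BACKUPS, up, enforce=False))
    print("enforcing geofence:", pick_server("US", BAD_BACKUPS, up))
```

Running `audit_backups` against the backup list before every deployment catches the bad entry before any client sees it; the selection-time check is the second layer if the audit is skipped.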
“To be clear, this should have never happened and this issue was completely addressed last Friday,” Yuan said on Wednesday in the live-stream. “The China server should never have been an option for non-China participants, because that’s a configuration and design flaw.”
Yuan also said he believed that the impact of this issue on users was small: among over 233 million participants worldwide who logged on to Zoom meetings on April 1, for example, only 37 participants – all of whom would normally have been connected through US data centres – were mistakenly routed through servers in China.
The company has since removed all China-based servers from its server infrastructure for non-local users, Yuan said. “I guarantee you this will never happen again,” he added.