Zoom strong-armed by US watchdog to beef up security after boasting of end-to-end encryption that didn't exist
2020-11-09 21:03

Zoom has been forced to agree to a range of security improvements in a settlement with America's consumer watchdog, the Federal Trade Commission, after it earlier wrongly claimed to offer true 256-bit end-to-end encryption.

The pact [PDF], announced Monday, obliges the video-conferencing giant to carry out an annual security assessment of its software and have its internal security program assessed by a third party every two years.

Zoom staff will have to review software updates for security flaws and make sure they don't impede third-party security measures - as happened in July 2018 when a Zoom update bypassed an anti-malware feature in Apple's Safari browser and fired up a web server called ZoomOpener that directly launched the Zoom app.

The commission's investigation also dug into Zoom's earlier claim that it offered 256-bit end-to-end encryption when the feature didn't actually exist - the software maker says it has since implemented the technology.

There is no mention of privacy in the settlement, something that Commissioner Slaughter says "reflects a failure by the majority to understand that the reason customers care about security measures in products like Zoom is that they value their privacy."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/09/zoom_ftc_deal/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 54 4 51 80 12 147