Video calling app Zoom's phenomenal success has been marred by security concerns. The app was first accused of Zoombombing in which an intruder can gain access to a video without any authentication.
Google bans Zoom
Now, Google has reportedly banned the Zoom app from all of its employees' devices, claims a Buzzfeed report. Google has reportedly sent an email to all its employees working distantly due to the coronavirus pandemic that Zoom has several security flaws and recommended that they uninstall the app.
The Facebook connection
According to a research report by Motherboard published last week, Zoom was allegedly sending all iPhone and iPad users to Facebook even if they don't use the social media app. After the report was published, Zoom claimed that they have removed the SDK from the app, which was connecting to the Facebook server.
Compromising macOS users' security
A few days later, a security researcher discovered a significant security flaw in the Zoom app for macOS, which could let a hacker control the webcam and microphone of any MacBook or iMac user. The company is reported to have recently accepted the allegations of routing some of its conferencing traffic via servers in China and said that they will stop doing so.
Google is not the first company to ban the video conferencing app. Last week, SpaceX owner Elon Musk asked all employees to get rid of Zoom. New York City's Department of Education has also asked its schools to dump Zoom.
Zoom has reportedly been sued by one of its shareholders for allegedly overstating its security features. The lawsuit filed in the US District Court for the Northern District of California has claimed that Zoom has overstated its security features by claiming to use end-to-end encryption. In reality, the app reportedly uses transport encryption as a measure of protecting its data.
TLS vs EEE
Transport Layer Security (TLS) is mostly used by various websites to secure their communication between the server and web browsers. While TLS is considered a secure method of encryption for data transmission, it doesn't offer ample protection in contrast to end-to-end encryption. End-to-end encryption encrypts plain text data from the sender's device. It gets decrypted once it reaches the recipient's device. In contrast, TLS encrypts the message at the sender's device but gets decrypted on the communication server itself. Later, the message gets encrypted again and is transmitted to the recipient's device. In communication services, end-to-end encryption is always preferred to TLS due to security concerns. Popular instant messaging and videoconferencing apps like WhatsApp, Telegram, Skype, WebEx and Google Hangout use end-to-end encryption to keep their users' data secured.