Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security

SpaceX Bans Zoom Over Privacy Concerns (reuters.com) 52

Elon Musk's rocket company SpaceX has banned its employees from using video conferencing app Zoom, citing "significant privacy and security concerns," according to a memo seen by Reuters, days after U.S. law enforcement warned users about the security of the popular app. From a report: SpaceX's ban on Zoom Video illustrates the mounting challenges facing aerospace manufacturers as they develop technology deemed vital to national security while also trying to keep employees safe from the fast-spreading respiratory illness. In an email dated March 28, SpaceX told employees that all access to Zoom had been disabled with immediate effect. "We understand that many of us were using this tool for conferences and meeting support," SpaceX said in the message. "Please use email, text or phone as alternate means of communication."

NASA, one of SpaceX's biggest customers, also prohibits its employees from using Zoom, said Stephanie Schierholz, a spokeswoman for the U.S. space agency. The Federal Bureau of Investigation's Boston office on Monday issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as "zoombombing."

This discussion has been archived. No new comments can be posted.

SpaceX Bans Zoom Over Privacy Concerns

Comments Filter:
  • Comment removed based on user account deletion
    • by alvian ( 6203170 )
      Why all the popularity with Zoom? What do they offer that Skype doesn't? Facetime will leave out people not in the Apple ecosystem.
      • by toutankh ( 1544253 ) on Thursday April 02, 2020 @10:48AM (#59900980)

        With Zoom you can create an online meeting and invite 50 people to it by just giving them a URL. They click on the link and join the meeting, possibly from their browser, done.

        Last time I tried Skype you couldn't do that, i.e. you needed to have every chat member in your contact list as "friend" or whatever they call it. Imagine managing an online class like that.

        • Most of the industry uses Citrix/GoToMeeting, Cisco/WebEx, or Microsoft/Teams. Zoom has always been known as a shitty also-ran, like BlueJeans. Somehow they've managed to capture the public eye and boost themselves in this crisis
          • Re: (Score:3, Informative)

            by guruevi ( 827432 )

            If you think Zoom is shitty, you have never used Citrix or Cisco. Nobody uses Microsoft Teams even though it's included in every single Office license, so most companies already have access.

            • by Pascoea ( 968200 ) on Thursday April 02, 2020 @11:20AM (#59901122)

              Nobody uses Microsoft Teams

              Speak for yourself. We use Skype for Business primarily, but my team is moving more and more onto Teams. My prior company used WebEx(Cisco?) and they can keep that shit. I've been on a couple of Zoom calls, have never ran one myself, but it seemed to be ok.

            • Businesses use GoToMeeting or WebEx all the time. as they are better set up for security in mind.

              • by jbengt ( 874751 )
                My daughter's in dental school, and they just began to use Zoom to tele-school during the virus lock-down. The first day the class session got hacked by trolls, and it got really out of hand after they were discovered. I think they figured out how to keep them out now, though. But they're definitely going to avoid discussing confidential patient information in the Zoom sessions going forward.
            • by bhcompy ( 1877290 ) on Thursday April 02, 2020 @11:29AM (#59901162)
              As a consultant, I live on those kinds of products. Zoom is better than BlueJeans, but that isn't saying much. The other 3 are superior in their options and support/reliability. And I work with companies and governments all the time that use Teams primarily. For governments, if they run a Microsoft house, it's a no brainer. The GCC/DoD product is certified to run in basically all federal(and state) agencies, where historically they could only run products that they hosted and had passed STIG and such, like Bomgar
            • We use Teams and had a teams live event today with 1000+ people connected around the globe with no problems.
            • by jbengt ( 874751 )
              Skype, Webex, GoToMeeting, and a couple others we use whenever on of our clients or one of their contractors use it. We've had Teams since we got everyone new computers at the beginning of the year. Since we're a small company (10 people), we never used it, or any of the other offerings, internally. But now that we're distancing, everyone is working from home and we use it all the time. I have no idea if it's good or not, but it has been convenient.
              Maybe MS is behind creating the virus!
              (Not trolling,
            • We've started using teams for our daily meetings. Most people keep the camera off, but you can also just type into the chat if that's what's available to you at the time. So far, as long as everyone is on a mobile device, the whole thing has been pain-free. The only issues I've seen is when someone is at a PC trying to get an external mic working.

            • It's not as popular as Outlook but a lot of companies use Microsoft Teams. It's very new and growing extremely fast. Slack usage is getting destroyed by it.
            • by DrXym ( 126579 )
              We use Teams and it works pretty well. I wouldn't say it's the perfect app but team chats, VCs, instant messaging are all easy enough to do. I expect that the number of companies using it has skyrocketed in the last month precisely because it is part of the licence, integrates with Office, ActiveDirectory and it works. If I were in the IT / security department I would have far greater confidence in its security than the likes of Zoom, Houseparty or whatever even if it takes a little more effort to get going
          • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Thursday April 02, 2020 @11:07AM (#59901070) Homepage Journal

            Somehow they've managed to capture the public eye and boost themselves in this crisis

            Maybe, that's because, like Microsoft products, they are easy to get started with?

            Groups, that have been using teleconferencing before continue to use whatever services they always did, but new users go to Zoom because it is easy?

            Schools, kindergartens, karate- and dance-studios, haven't used such systems before — and would've mocked any suggestion they ever will — but needed to get something rapidly. Without any pre-existing expertise, they chose the easy over the good...

            That said, I am not at all sure, Zoom really is as "shitty" as you claim it to be...

            • by Pascoea ( 968200 )
              They've captured the public eye because they advertise incessantly. Before the quarantine, when I was driving to work I couldn't make it 5 miles without seeing a Zoom billboard, hearing a Zoom ad on NPR/MPR, or seeing a car with a Zoom bumper sticker/window sticker/car wrap. I can't even imagine what their advertisement budget looks like.
          • Comment removed based on user account deletion
          • by ceoyoyo ( 59147 ) on Thursday April 02, 2020 @11:43AM (#59901216)

            I've used all of them (although I've never heard of BlueJeans). They're all shitty. Since they all have free versions I assume they all spy on you.

            Zoom has a very important premium feature though, and, oddly, it is *only* available in the free version: it cuts off meetings after 40 minutes.

        • Last time I tried Skype you couldn't do that, i.e. you needed to have every chat member in your contact list as "friend" or whatever they call it. Imagine managing an online class like that.

          Where I work we use business Skype. I am not sure if there is a limit to the number of people that can join a meeting, but I know that you do not need to be in the contact list. I have brought in outside vendors for meetings by sending them an email with a url. Personal skype, I don't know what the limitations are. Bu

    • We looked at Jitsi [jitsi.org], it does voice & video - seems secure. You can run an app on your Android or Apple 'phone or use a web browser like Firefox or Chromium. You can download & run it on your own servers [jitsi.org], it is open source. There is also a hosted place that you can go to [meet.jit.si].

  • by garcia ( 6573 ) on Thursday April 02, 2020 @10:28AM (#59900878)

    Zoom was well known prior to this but saw almost no media coverage prior to state lockdowns. Why is there a sudden interest in everything that is wrong w/Zoom's application rather than the ease of use in getting it up and running as well as their seemingly immediate attempts to clean up what has been found?

    Is this like the negativity around Tesla? People invested in other technologies and their related companies are pissed about the uptick in share price and their attempts to bring it back down or are these issues really that important?

    • by Immerman ( 2627577 ) on Thursday April 02, 2020 @10:39AM (#59900940)

      >Why is there a sudden interest in everything that is wrong w/Zoom's application
      Probably because it's the essential counterpoint to the sudden surge in people spreading the word of the ease-of-use.

      Ease of use is wonderful if you're not discussing anything sensitive, but security is far more important for anyone discussing stuff that would be a target for espionage. Which means Zoom is a poor option for cutting edge engineering meetings, anything involving attorney-client privilege, etc,etc,etc. And because it's a tool most people were unfamiliar with a month ago, it's a fair bet that most of them are still unaware of the security problems.

      Not to mention that the very fact that the popularity of Zoom is skyrocketing, is also making it a much larger target, for both black- and white-hat hackers. Not unlike the reason most malware is written for Windows - yeah, it's less secure than the major alternatives, but even if it weren't, it's the big target - you get 20x or more the return on finding a Windows vulnerability than one on Linux or MacOS.

      • Re: (Score:2, Insightful)

        by SuperKendall ( 25149 )

        Ease of use is wonderful if you're not discussing anything sensitive, but security is far more important for anyone discussing stuff that would be a target for espionage.

        And how do we truly know any of the competitors are better in this regard?

        The attacks on Zoom are a hatchet job, pure and simple. Maybe by competitors but possibly to try and drive companies to even less secure alternatives.

        • And how do we truly know any of the competitors are better in this regard?

          Look at where they're certified to be used. Teams has a DoD cloud and authorization to operate within the DoD, Zoom does not(though it does has FedRAMP authorization in the AWS GovCloud).

          • I was more thinking of products besides Teams, like WebEX... but even with that certification I question if Teams is truly more secure. Did the DoD certification involve a truly competent code review? I find it hard to believe that any of them would have truly rock-solid security and no avenues for attack, all of them update clients pretty frequently.

            • I've been involved in products that have gone through the DoD STIG process and it was a major years long pain in the ass of back and forth over code and protocol questions(and required changes). I imagine Microsoft went through the same rigamarole
              • Good to know, I just question how the integrity of the product can be maintained with constant releases and shifting toolsets/compilers, is the DoD also reviewing all updates? They may be I guess....

                Thanks for letting me know how rigorous the process actually is though, that's good to know.

                • Just depends on the product I think. Patches/service packs and minor releases underwent different lengths of review depending on what was being patched, major version upgrades basically started over to some degree from near scratch(nothing took as long as the first time, but they could take a long time to certify a major release). Everything was vetted, and not every release was installed unless it was needed for security or features

                  The other thing is the datacenter requirements for cloud stuff, which th
    • by ZuckFucker ( 6110380 ) on Thursday April 02, 2020 @10:46AM (#59900970)
      Because it's a steaming pile of shit full of security holes which are the result of such incompetence that it makes a lot of us believe they were intentionally inserted by design. The wall of flies that is circulating around this horseshit makes it nearly impossible for some people to even get a clear view of it.

      1. No end to end encryption though they claim it.

      2. Leaks to Facebook.

      3. Leaks to LinkedIn.

      4. Throwing people together just because they have the same domain on their email address.

      5. For MacOS users, set up an open web server for no apparent reason.

      I'm sure you can find a more comprehensive list.

    • Cisco has been losing out with their WebEx and Zoom has taken over the market. Thus all of this negative PR. The big tech companies don't like upstarts unless they can be purchased.

      • Have you actually been reading the recent security problems with that thing? This is entirely Zoom being pantsed and shown for what they are, data miners.
    • Zoom was heavily shorted going into the Autumn. It has since been going up due to it's popularity during this lockdown. I assume all the unfortunate institutions that shorted this puppy are trying to talk down the share price in order to cover more cheaply.
      • Zoom was heavily shorted going into the Autumn. It has since been going up due to it's popularity during this lockdown.

        Looks like all the people that lost money shorting Tesla moved right over to shorting Zoom, are MO with the shitposting.

        Problem for them is, that Zoom is actually a really good product compared to other videoconferencing software. So it seems unlikely to deter many from moving to inferior solutions.

      • by khchung ( 462899 )

        Zoom was heavily shorted going into the Autumn. It has since been going up due to it's popularity during this lockdown.

        I assume all the unfortunate institutions that shorted this puppy are trying to talk down the share price in order to cover more cheaply.

        Probably by the same people who bought heavily into Bitcoin and shorted Tesla.

    • by ceoyoyo ( 59147 )

      Because Cisco and MS want to spy on you, so they're trying to capture some of Zoom's customers.

    • by tlhIngan ( 30335 )

      Zoom was well known prior to this but saw almost no media coverage prior to state lockdowns. Why is there a sudden interest in everything that is wrong w/Zoom's application rather than the ease of use in getting it up and running as well as their seemingly immediate attempts to clean up what has been found?

      Is this like the negativity around Tesla? People invested in other technologies and their related companies are pissed about the uptick in share price and their attempts to bring it back down or are these

  • I mean, while a password isn't necessarily foolproof... it's certainly theoretically possible for someone to guess it, but it should keep out unwanted people who might discover a live zoom session id.
    • by Areyoukiddingme ( 1289470 ) on Thursday April 02, 2020 @11:11AM (#59901086)

      You know you can have a password, right? I mean, while a password isn't necessarily foolproof... it's certainly theoretically possible for someone to guess it, but it should keep out unwanted people who might discover a live zoom session id.

      In SpaceX's case it's not really random schmucks joining meetings that's the problem. It's the fact that the alleged end-to-end encryption... isn't. SpaceX is subject to ITAR. Zoom collects an enormous amount of data, including company proprietary data it has no business retaining. SpaceX is required by law to protect its engineering data, because another name for an orbital rocket is Overachieving ICBM. It's a wonder SpaceX hasn't required an audited end-to-end encrypted solution long before now. That was a dangerous hole that could have gotten them sued by the federal government and may have cost them defense contracts.

  • It's entirely due to ITAR and FOUO/CUI restrictions, the same reason why SpaceX almost exclusively hire American citizens. This is why ZoomGOV exists (slightly different client, most definitely a different, more hardened cloud server, save zoom company). The same meetings aren't allowed on standard versions of Facebook portal, Google Hangouts, Skype, or any other video service for that matter that isn't explicitly approved for their respective sensitivity.
  • They can use Skype and spend half the meeting getting it to work
    • by k6mfw ( 1182893 )

      I haven't tried using Skype for some time, it seems most of these video conferencing tools need a lot of work to get going. Unless you have some smart IT people on your staff that work out all the details then assemble a easy to follow checklist to get started with a video conference app. I found Zoom to be really easy to download, install, and begin running. I've not used it for any serious stuff, but I've read stories of school sessions getting zoombombed.

      So I guess it comes down to what others said bef

  • Go read the Zoom Blog posted on April 1st. It pretty much gives a reasonable explanation and commits to changes. Also, for Government...zoomgov exists for a reason. It's Fedramp certified and DHS approved. The other services (Webex, Bluejeans, etc) are also not end to end encrypted. That being said, Zoom is but key management is held in by zoom. It's right to hold Zoom accountable, but the "cancel culture" in regards to security and software companies is dumb.
    • Agreed. This is a company that has been thrown into the spotlight, warts and all. Unlike the big boys like Facebook/Google, Zoom is admitting to deficiencies and promising to fix...in short order.

      FB would basically give you the finger and keep going. Also its crazy to think that the high security needs of a few specialized,govt security regulated entities like SpaceX etc set the bar for everyone. Like driving a Unimog to the grocery store, just in case.

  • If you don't know how to use the app then yes it is vulnerable. To make is safe, always use a password and always validate email addresses. Don't publish your meetings on social media or public forums. Fairly simple, something you should be doing with any meeting software or business system.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...