We all love Zoom, stock market included, at least until this week.
Undoubtedly Zoom has strengths in this new locked-down world, but it also has weaknesses that seem to have been overlooked by buyers of its stock who understandably are impressed with the massive growth in active users during the work-from-home (WFH) stampede, as well as the virtues of the product itself.
Indeed, the weaknesses could be said to have been hiding in plain sight – it has always been weak on security and privacy.
Even before it listed on Nasdaq in April last year, it had suffered a number of embarrassments on the security front.
There has been the persistent “Zoombombing” problem, where unwelcome intruders disrupt meetings with offensive or otherwise inappropriate videos, or the bug discovered last year that allowed nefarious actors to take control of users’ webcams.
Zoombombing intrusions have been made a lot easier to achieve with a piece of software called zWarDial, which will find Zoom meeting rooms that are not protected by a password. And without the software you can just guess a room number and try your luck, even if the room number has been randomly generated.
Zoom’s allegedly lax approach to security would be an odd look for any company in this digital age, but even more so for a company based on something as potentially intimate as video conferencing.
Zoom’s bad news on security keeps coming
And it should be remembered that Zoom was first and foremost envisioned as an enterprise application, so security would – you would have thought – been a key consideration for both the vendor and the companies looking to deploy.
Many companies that have taken to Zoom are not even using password protection for their meetings.
The latest alarming tales from the security front concern vulnerabilities that potentially expose account details, although the company says the data is hashed (encrypted).
Probably most damaging of all is the data that Zoom was sending to Facebook about the devices being used on the platform. Although this data was likely anonymised it is a very big red flag for regulators and naturally for those consumers that have a problem with this sort of unsolicited data farming.
New York attorney general Letitia James wants to know more and the FBI has issued its own warning to businesses and consumers about the Zoombombing phenomenon.
Zoom has now opened itself up to lawsuits.
Indeed, it was subject to the first concerning the alleged sale to Facebook of the data it was sharing without permission last week in California. Expect many more to follow and lawyers to get rich(er) on class actions.
Not surprisingly then, the Zoom share price has pulled back from recent highs, falling 11% yesterday to $121.
However, if we put to one side the security issues and make the assumption (perhaps unwarranted) that it will get serious about fixing security holes – and get with the 21st century by implementing end-to-end encryption, more on his below – is there still something to see here for investors looking for more upside from stocks set to benefit from the work-from-home investment theme.
Zoom valuation is very rich
From a valuation standpoint (what other standpoint is there?) Zoom is already on a stratospheric price-to-earnings (p/e) ratio of 1,267.
Price-to-free-cashflow is, as you would expect, equally eye-watering at 272 – the Nasdaq industrial sector Telecommunication Services average is 12.23. The p/e ratio sector median is 15.63.
By any measure then, Zoom is off the chart, but can discounted cash flow still justify the astronomic price? Put that another way is the future market opportunity such that it makes the valuation more palatable.
According to documents filed for its IPO (in which it raised $751 million), it says it has an addressable market of $43 billion in hosted/cloud voice and IP telephony.
On a current share price of $125 and outstanding shares at end January 2020 of 292 million, it has a market capitalisation of $36.5 billion. That’s a value equivalent to 80% of the market that it is targeting.
Given the direct competition it faces from the likes of Cisco Webex and Skype (soon to be rolled into Microsoft Teams) and a host of others such as LogMeIn (LOGM) and RingCentral (RNG), not to mention offerings from tech giants such as Google Hangouts, it is a tough call to imagine that Zoom will be able to see off allcomers to take an 80% market share.
Of course, the market could be bigger than its estimates from last year’s perspective as the WFH paradigm shift gathers pace.
And Zoom could diverse into other markets, for example by offering integrated cloud-based productivity software. But notwithstanding such developments, Zoom is richly valued.
Is Zoom Chinese or American?
Zoom has some other perceived negatives to contend with too, not just security lapses.
In China its service was temporarily blocked in September last year, highlighting the risks of doing business in the country. Things are back to normal now.
Zoom is perhaps the only really successful launch of a company in the US with a Chinese mainland founder, Eric Yuan.
The company has made inroads into education in China, signing a deal with the China Educational Information Platform to support online education and research across the higher education sector.
It is also one of market leaders in Chinese telemedicine enablement, with around 1,000 hospitals in the country using its platform to varying degrees.
…and no end-to-end encryption of video
On that, it’s odd that such sensitive matters as telemedicine would be conducted over un-encrypted channels, but Zoom had said it does use end-to-end encryption in contradiction to of our earlier statement that it doesn’t. So, what’s going on here?
Researchers at the University of Toronto claim that the platform uses a flawed encryption scheme and that server keys are issued in China even for video meetings taking place outside of the country.
The report claims that the “waiting room” feature, which acts a holding centre for people wanting to join a conference, is buggy.
In addition, it discovered that the company appears to have 700 employees based in China, leading to suspicions that although headquartered in the US (san Jose, California) it is in effect a Chinese company.
After issuing an apology for giving the impression that Zoom uses end-end encryption, chief operating officer Oded Gal revealed that keys issued to conversation participants are shared.
That means it is not a public-private key pair as commonly understood, that relies on a keygen algorithm that creates unique private key and associated public key.
The lack of end-to-end encryption means all video on the platform is, in theory, accessible by Zoom and would therefore also be accessible by a government or an unauthorised third-party.
Furthermore, investigative news outlet The Intercept reports that Zoom keys, although making use AES (Advanced Encryption Standard), are 128-bit not the more secure 256-bit.
Zoom is moving fast to address concerns
To be fair to Zoom it moved swiftly to remove the Facebook SDK from its iOS app – an unwieldly framework notorious for adding bulk to apps and arguably lacking in the comprehensive documentation to walk developers through every nook and cranny of what the code does.
Zoom has also committed to greater transparency and outreach to customers to make their video experience more secure, by drawing users’ attention to the need to use passwords to secure virtual meeting rooms.
As part of these outreach efforts Yuan wrote in a blog that he will be hosting a webinar every Wednesday for the foreseeable future at 10am Pacific Time “to provide privacy and security updates to our community.
The move is indicative of the reputational damage the security and privacy lapses risk, although by all accounts Zoom is still adding users, with many probably willing to accept the trade-offs on security with its ease-of-use and convenience.
With product usage mushrooming from 10 million in December last year to 200 million daily meeting customers in March as the pandemic took hold, it is also unclear the extent to which it has been able to monetise that increase, while its costs rise.
All told, Zoom has gained traction in a way that many apps would die for and has established itself in western markets as the video conferencing market leader, despite the unwelcome publicity on Zoombombing and the other security issues cited here.
Although there are no metrics to hand, it will have been piling on paid users, as organisations push up against the limits of the free plan.
Trying to guesstimate what’s going on with revenues is difficult. So too is the calculus regarding the gain from the WFH shift balanced against the hit to the economy as a whole and the impact of the downturn in economic activity on continuing user growth and revenue generation.
Where the Zoom price goes from here
The stock bounced off resistance today at $121 and is currently trading up 2.5% at $125, which suggests that viewed as a momentum trade this stock probably has further to run on the back of strong retail investor interest.
According to analysts surveyed by MarketBeat, it is a consensus hold, but with a price target downside of 18% ($101), and just eight out of 25 rating it a buy.
With Wall Street analysts’ price targets ranging from $140 to $45, there is wide disagreement on the way ahead for Zoom.
One last warning – a number of buyers have been caught out by buying the wrong stock, getting Zoom Video Communications (ZM) mixed up with the similarly named Delaware-registered but Chinese-based based Zoom Technologies (ZOOM)., also listed on Nasdaq.
Nasdaq didn’t like what it was seeing and suspended Zoom Technologies on 26 March, so investors don’t have to worry about that for now.
Feature image courtesy of Pixabay