Zoom apologies for major security vulnerabilities, promises fixes

Video calling app Zoom has announced it will be freezing product development to focus on boosting the security of its services following several high-profile security issues.

In a blog post, CEO Eric S. Yuan revealed that Zoom saw 200 million daily meeting participants in March, a huge rise from the 10 million daily users it welcomed in December.

However he admitted that work in securing the app had not seen a similar scale of growth, and pledge to improve this going forward.

Zoom has seen an explosion in users over the past few weeks as workers around the world embrace a new era of working from home, but now its security protection is being called into question.

“Our platform was built primarily for enterprise customers,” Yuan said. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively,” Yuan added . “We are also committed to being transparent throughout this process.”

Zoom's entire engineering team will now pivot to working on safety and security, with the company also planning a “comprehensive" review of its services along with third-parties.

Zoom has since attracted a lot of attention from security researchers and cybercriminals alike, with a number of worrying security flaws affecting Windows and Mac devices uncovered recently.

On Windows devices, one expert found that criminals could exploit a flaw in the Zoom chat feature to steal login details. Speaking on Twitter, the researcher known as @_godmode outlined how the part of Zoom's chat feature that converts URLs into hyperlinks can also do the same for Windows networking UNC paths, turning them into a clickable link that if accessed, could reveal login information.

Another expert revealed two bugs affecting Zoom on Apple Mac devices. One flaw would allow criminals to hijack a victims device, one of which exploited Zoom's access rights on a device to give hackers control of the webcam and microphone.

A seperate flaw discovered by the same security researcher, Patrick Wardle, could allow a hacker to inject malicious code into Zoom's installer program, giving access to the device's operating system and allowing them to install malware without the victimnoticing.

Zoom was also criticised earlier this week after it was discovered that the app does not offer end-to-end encryption, as promised on its website. Instead, it uses Transport encryption, a Transport Layer Security (TLS) protocol which means that although others won't be able to access your data, Zoom will still be able to.

Via Bleeping Computer / CityAM

How It works

Search Crack for

Latest IT News

May 26
Free screen recorders that will record or stream everything happening on your desktop.
May 26
Free PDF readers that offer a wealth of features, including editing, annotating and blocking security threats.
May 26
Free YouTube downloaders for saving videos from all the most popular hosting sites, including YouTube and many more.
May 26
Akamai's solution works in-browser to automatically identify suspicious behaviour such as web-skimming.
May 26
And it's an official HP patch, rather than some of the unofficial - and clunky - workarounds that have been floating around.
May 26
Windows 10 May 2020 Update will be released any day now, and its best new feature brings the ability to block the installation of unwanted apps.
May 25
Threat actors are leveraging Google's technology to harvest credentials.

Latest cracks