Due to widespread self-isolation and quarantine, the Zoom video conferencing application has gained unprecedented popularity: the number of its users grew from 10,000,000 in December 2019 to 200,000,000 in March 2020. We have previously reported that the application has come under harsh criticism from the media and information security experts.
The fact is that new privacy problems and serious vulnerabilities keep turning up in Zoom. For example, it was noticed that the application leaked data to Facebook, was misleading about end-to-end encryption, and did not explain why it collects information about users at all. Users also reported that, because of a bug, hundreds of strangers appeared in their contact lists, and experts found that the Zoom client for Windows converts UNC paths into links, whereas Zoom for macOS allows a local attacker or malware to gain root privileges on the system.
It seems that the situation has now reached a critical point. It recently became known that Elon Musk forbade SpaceX employees to use Zoom, as the application has “significant security and privacy issues.” Instead, employees were advised to use good old email and phones. Moreover, the American space agency NASA soon also banned its employees from using Zoom for the same reasons.
After this news, Zoom's developers reported that they had fixed a number of the problems discovered by experts (in particular, the developers apologized for the confusion about E2E encryption, removed a creepy feature from Zoom that allowed tracking users' attention, and got rid of the code that leaked data to LinkedIn and Facebook). They also announced that they will immediately stop development of the application for 90 days, focus fully on improving its security, and conduct an audit involving third-party specialists.
“We developed our product without assuming that in a few weeks everyone in the world would suddenly begin to work, study and communicate from home,” says Eric Yuan, head of Zoom, apologizing for all the problems found in the application.
Zoom also plans to:
- prepare transparency reports that detail information related to requests for data, records, and content;
- improve the existing bug bounty program;
- in partnership with leading industry CISOs, create a CISO Council to discuss best security and privacy practices;
- conduct a series of white-box pentests to identify and solve problems;
- starting next week, hold weekly webinars dedicated to privacy and security updates.