Zoom Is Working On Security But May Be Too Late
The popular messaging tool called Zoom is having a tough time.
According to a recently released memo that circulated within Elon Musk's company SpaceX, SpaceX is banning the use of Zoom because of "significant privacy and security concerns."
In response, Zoom's development team recently announced that they're freezing all feature development for a period of 90 days so they can work to improve privacy and security. Once their latest round of work is complete, they're planning to conduct a thorough third-party security review.
All of this comes on the heels of the discovery of a raft of critical security flaws in the Zoom app. Just a few days ago, the Zoom Windows client was found to be leaking network credentials. The leak stems from the way the app rendered UNC file paths, displaying them as clickable links inside group chat windows.
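A rendering-side mitigation for the UNC link issue described above, as an added example that is not Zoom's code: a chat linkifier that makes only http/https URLs clickable and leaves UNC-style paths as plain text. The function names and the sample hosts in the comments are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Only these schemes are ever turned into clickable links.
ALLOWED_SCHEMES = {"http", "https"}

# Split on whitespace but keep the separators so the message round-trips.
_TOKEN = re.compile(r"(\s+)")


def is_unc_like(token: str) -> bool:
    """True for strings Windows would resolve as a network (SMB) path."""
    normalized = token.replace("/", "\\")
    # Covers \\host\share, //host/share and \\?\UNC\host\share.
    if normalized.startswith("\\\\"):
        return True
    # file: URIs can also name a remote host (file://host/share/...).
    return token.lower().startswith("file:")


def is_safe_link(token: str) -> bool:
    """Allow-list check: an http/https URL with a host, and nothing else."""
    if is_unc_like(token):
        return False
    try:
        parts = urlsplit(token)
    except ValueError:  # malformed input such as an unterminated IPv6 literal
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_chat(message: str) -> str:
    """Return HTML for a chat message; UNC paths stay inert, escaped text."""
    out = []
    for piece in _TOKEN.split(message):
        escaped = html.escape(piece, quote=True)
        if is_safe_link(piece):
            out.append(f'<a href="{escaped}" rel="noopener noreferrer">{escaped}</a>')
        else:
            out.append(escaped)
    return "".join(out)
```

The allow-list is the point: any token that is not an http/https URL with a host, including schemes the renderer has never seen, is shown as text rather than made clickable.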
Patrick Wardle is a legendary NSA hacker and famous Apple bug hunter. He found a new vulnerability in the macOS Zoom installer that could easily be exploited by even casual hackers.
Zoom's founder, Eric Yuan, has been busy issuing apologies on multiple fronts and driving his team to correct all of the recently discovered issues. Among other things, the company has removed the Facebook SDK from its iOS app. It has acknowledged that its E2E encryption scheme is not particularly secure, and is moving rapidly to address that. It is also in the process of rolling out bug fixes for both the Windows and macOS versions of its clients, both of which may be available by the time you read these words.
In addition to that, Yuan said that Zoom was removing the attendee attention tracker and the LinkedIn Sales Navigator, both of which were found to be leaking data and causing additional security concerns.
Those are all good moves. Overdue, to be sure, but good moves. The question is, is it too little, too late? Only time will tell.