Growing pains are common in many industries when a product suddenly gains immense popularity. In the tech world, such pains usually take the form of newly discovered security exploits. This is what happened in recent weeks as Zoom’s popularity skyrocketed in the wake of the COVID-19 outbreak. As many adopted the video conferencing platform as a means either to work from home or to stay in touch with family members, severe exploits were quickly exposed. It was no surprise that lawsuits and investigations ensued.
A large part of Zoom’s appeal and rapid adoption came from its free version and ease of use. As is common with free software, not all security features are enabled or available. A new practice called Zoombombing also began to spread like wildfire: someone gains unauthorized access to a meeting, which allows them to join it. This particular vulnerability could be mitigated by taking 4 steps with the app. Another issue is how Zoom incorporates UNC (Universal Naming Convention) into the app’s usage. This could allow attackers to gain access to Windows credentials.
The latest events
Hackers have now taken to selling their knowledge of exploits for both Windows and macOS devices online. They have chosen to market zero-day vulnerabilities as well. Prices for such sought-after knowledge can set you back the better part of $500,000, though. The parent company, Zoom Video Communications Inc., has now turned its attention to expanding its security efforts. MarketWatch has reported that the company has begun hiring outside experts from a variety of sources. These include privacy experts from Facebook, Google, and Microsoft. One such hire, Alex Stamos, a former chief security officer at Facebook, likened it to taking a page from Microsoft’s playbook. This is a reference to when Microsoft put greater effort into its security issues with Windows in 2002.