
Growing pains are often seen in various industries when a product suddenly gains immense popularity. In the tech world such pains usually manifest in the form of security exploits being discovered. This very thing happened in recent weeks as Zoom’s popularity skyrocketed in the wake of the COVID-19 outbreak. As many adopted the video conferencing platform as either a means to work from home, or stay in touch with family members, severe exploits were quickly exposed. It was not a surprise when lawsuits and investigations ensued amidst these occurrences.

A large part of Zoom's appeal, and its rapid adoption, came from its free version and ease of use. As is common with free software, not all security features are enabled or available. A new practice called Zoombombing also began to spread like wildfire: someone gains unauthorized access to a meeting and joins it uninvited. This particular vulnerability could be mitigated by taking 4 steps with the app. Another issue is how Zoom incorporates UNC (Universal Naming Convention) into the app's usage. This could allow attackers to gain access to Windows credentials.

The latest events

Hackers have now taken to selling their knowledge of exploits for both Windows and macOS devices online. They have chosen to market zero-day vulnerabilities as well. Prices for such sought-after knowledge can set you back the better part of $500,000, though. The parent company, Zoom Video Communications Inc., has now turned its attention to expanding its security efforts. MarketWatch has reported that it has begun hiring outside experts from a variety of sources. These include privacy experts from Facebook, Google, and Microsoft. One such hire, Alex Stamos, a former chief security officer at Facebook, likened it to taking a page from Microsoft's playbook. This is a reference to when Microsoft put greater effort into its security issues with Windows in 2002.

Peter Brosdahl


2 Comments

  1. Good that they are taking it seriously.

    I wonder if they are going to address the other privacy concerns regarding Zoom, for instance that Zoom employees can monitor any call unnoticed by the callers, and Zoom's data collection.

  2. Well, I ended up using Zoom, after Google Meet or Hangouts or whatever the hell turned into a nightmare for everyone. Zoom was so easy in comparison, it's no wonder it is growing.
    Part of the issue is the publishing of meetings so that anyone can just do a search, find the link and crash the meeting, or zoombombing so called.
    I don’t know how zoom itself can fix this, I mean if you publish the meeting on the web, as opposed to sending the link to the proper parties involved… Don’t know… Sure more security is welcome.