Skip to main content

Zoom Is Working On Security But May Be Too Late

By April 17, 2020May 5th, 2022Cybersecurity

The popular messaging tool called Zoom is having a tough time.

According to a recently released memo that circulated through Elon Musk’s “SpaceX” company, the company is banning Zoom’s use because of “significant privacy and security concerns.”

In response, Zoom’s development team recently announced that they’re freezing all feature development for a period of 90 days so they can work to improve privacy and security. Once their latest round of work is complete, they’re planning to conduct a thorough third-party security review.

All of this comes on the heels of the discovery of a raft of critical security flaws in the Zoom app. Just a few days ago, the Zoom Windows client was found to be leaking network credentials. That is, because of the way the app rendered UNC file paths, displaying them as clickable links inside group chat windows.

Patrick Wardle is a legendary NSA hacker and famous Apple bug hunter. He found a new vulnerability in the macOS Zoom installer that could easily be exploited by even casual hackers.

Zoom’s founder, Eric Yuan, has been busy issuing apologies on multiple fronts and driving his team to correct all of the recently discovered issues. Among other things, the company has removed the Facebook SDK in its iOS app. They have acknowledged that their E2E encryption scheme is not particularly secure, and are moving rapidly to address that. They are also in the process of rolling out bug fixes for both the Windows and macOS versions of its clients, both of which may be available by the time you read these words.

In addition to that, Yuan said that Zoom was removing the attendee attention tracker and the LinkedIn Sales Navigator, both of which were found to be leaking data and causing additional security concerns.

Those are all good moves. Overdue, to be sure, but good moves. The question is, is it too little, too late? Only time will tell.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.