Skip to main content

Zoom apologies for security issues, promises fixes


Zoom is to pause the development of any new features to concentrate on safety and privacy issues, in the wake of criticism from users of the app.
In a blog, the chief executive of the video conferencing app apologized for “falling short” on security issues and promised to address concerns.
He said that the use of Zoom had soared in ways he could never have foreseen prior to the coronavirus pandemic.
One security expert said he hoped the company culture would change.
Zoom is now being used by millions of people for work and leisure, as lockdowns are imposed in many countries.
Eric Yuan spoke candidly about how “usage of Zoom ballooned overnight”.
“As of the end of December last year, the maximum number of daily meeting participants, both free and paid, was approximately 10 million. In March this year, we reached more than 200 million, he said.
He admitted that despite “working around the clock” to support the influx of new users, the service had “fallen short of the community’s — and our own — privacy and security expectations”.
“For that, I am deeply sorry,” he wrote.
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he wrote.
“We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways presenting us with challenges we did not anticipate when the platform was conceived.”
Zoom has been criticized for a range of privacy issues, including sending user data to Facebook, wrongly claiming the app had end-to-end encryption, and allowing meeting hosts to track attendees.
Ex-NSA (National Security Agency) hacker Patrick Wardle identified a series of issues, including a flaw which left Mac users vulnerable to having webcams and microphones hijacked.
Security consultant Graham Cluley said that Zoom faced “a crisis”.
“It risked losing a large amount of goodwill it had received because of revelations about its less-than-perfect attitude towards security and privacy.”
The fact that it was addressing some of the “alarming vulnerabilities” and had recognized the need to focus on security rather than “adding bells and whistles” was good news, he said.
“Let’s hope that the company’s culture will change from its previous ‘fast and loose’ attitude when it comes to such concerns,” he added.

Zoombombing

The huge uptake of Zoom has created the new phenomenon of ‘zoombombing’ which sees uninvited guests join video conferences, usually to shout abuse, share pornography or make racist remarks.
The mischief-makers find out the details of the meetings either via links that have been shared publicly on social media platforms or websites or, in some cases, by simply guessing the nine digit ID code. It is reasonably easy to prevent attacks by password protecting meetings and not allowing anyone other than the host to screen-share.
Mr Yuan, who founded Zoom in 2011, said steps the firm had taken to address concerns included:
  • clarifying its encryption practices
  • removing code that meant information was shared from its iOS app to Facebook
  • releasing fixes for Mac-related issues
  • removing a LinkedIn feature to prevent unnecessary data disclosure
  • issuing guidelines about how to avoid becoming a victim of zoombombing
And over the next 90 days it plans to:
  • freeze development of new features to focus on safety and privacy
  • conduct a review with independent experts to understand new security features needed for new customers
  • prepare a transparency report on data requests
  • enhance its bug bounty program
  • hold a weekly webinar to provide privacy and security updates
Rik Ferguson, vice president of security research at Trend Micro, welcomed the changes.
“These issues run the full gamut: from configuration and lax default settings, software vulnerabilities, corporate policy and product roadmap decisions, and that it painfully clear from the blog post.”
“One has to feel some sympathy for an organisation that was one of the first to offer free services during the pandemic and found itself not just a victim of poor decision-making, but also a victim of its own success.”

‘High-risk’

There has been debate in the UK about whether the government should be using Zoom for cabinet meetings.
The government justified its use during “unprecedented times” when some members of the government were self-isolating and did not have access to more secure technology at home.
But the debate intensified when prime minister Boris Johnson tweeted a picture which included the ID number of the latest meeting.
It is also reported that Elon Musk has banned the use of Zoom for SpaceX meetings, citing security concerns. Nasa, which is one of Space X’s biggest customers, also prevents employees from using it.
Mr Cluley said anyone using it for sensitive conversations needed to be careful.
“Fixing these problems will take time. And those particularly high-risk users of Zoom, having highly sensitive discussions on the service, who might potentially be the target of state-sponsored attacks (for instance the UK cabinet), might be wise to find alternative, more secure methods of communication in the meantime.”

Originally published at https://www.bbc.com on April 2, 2020.

Comments

Post a Comment

Popular posts from this blog

Facebook updates iOS app to fix issues that let the camera open in the background

The issues were first reported this month This month, some users of Facebook’s iOS app  found that  that, in at least two situations, the app appeared to be activating the camera in the background without a user’s knowledge. Facebook said yesterday that it was submitting fixes for the issues to Apple, and the company tells us that, as of this morning, the updated app is now available for download on the App Store. I’ve downloaded the update to my iPhone 11 Pro, and I can’t get the camera to accidentally activate in either of the scenarios that were reported — but I also couldn’t get it to activate yesterday, so I can’t personally confirm that the issues are fixed. But if we take Facebook at its word that everything is resolved, it’s nice to see that the company acted quickly. Article reference:  https://www.theverge.com/2019/11/13/20963791/facebook-issue-fix-camera-open-background-update-ios-app-store
Post a Comment
Read more

WhatsApp Users Exchanged Over 100 Billion Messages on New Year’s Eve, A New Record

WhatsApp is one of the most widely used communication apps on the planet and as such, clocks an insane number of messages and media exchanges on a daily basis. But the New Year's Eve broke a record that has been standing since WhatsApp's debut a decade ago. WhatsApp has revealed that users exchanged over 100 billion messages on New Year's eve. And out of that number, more than 20 billion messages were shared by Indian users alone. Moreover, around 12 billion out of the 100 billion+ messages shared on the platform were images. WhatsApp wrote in a press release that over 100 billion messages were shared globally on December 31 in the 24-hour duration leading up to the midnight of New Year's Eve. This is a record-breaking volume and is the highest number of messages exchanged in a single day ever since WhatsApp kicked off its services ten years ago. Out of those 100 billion+ messages shared on New Year's eve, WhatsApp says over 12 billion were images. Meanwhile...
Post a Comment
Read more

Lebanese Protesters Are Using This ‘Bridgefy’ Messaging App - What is it?

Bridgefy is an offline messaging app that lets you communicate with friends and family when you don't have access to the Internet, by simply turning on your Bluetooth antenna. Due to WhatsApp outage and the poor internet services, a new offline messaging app known as Bridgefy has started to gain traction among Lebanese protesters. The people are recommending using this app in case there is a shutdown of internet services. Did you know that: 1 billion people aren’t covered by 3G or 4G networks. 3.3 billion people live in areas where the mobile Internet can be accessed but remain without a mobile Internet subscription. 1 billion people own a smartphone but don’t own a data plan. 40% of the world population is forecast to remain unconnected by 2025. These numbers represent huge amounts of potential users that aren’t being reached by mobile apps. Bridgefy keeps your app working even when people do not have access to the Internet. T...
Post a Comment
Read more