Due to the coronavirus pandemic, Zoom’s free and paid users have grown from 10 million in December 2019 to 200 million daily meeting participants in March. As a result, people began to pay attention to the numerous security and privacy issues of the video conferencing software Zoom. Recently, SpaceX has banned employees from using the video conferencing application Zoom to handle major privacy and security issues. SpaceX acknowledges that many of its 6,000 employees have been using Zoom for meetings, but on March 28, it instructed all employees to switch to email, text message or phone instead. NASA also banned employees from using Zoom. This week Zoom was also slammed by The Intercept for allegedly misleading users about the platform’s end-to-end (E2E) encryption.
Researchers also discovered two new security bugs in the Zoom app. The Zoom Windows client was leaking network credentials due to the app rendering UNC file paths as a clickable link in group chat windows. Moreover, the former NSA hacker disclosed a new vulnerability in the macOS Zoom installer, which uses a deprecated and insecure application programming interface in macOS. Responding to these issues, Eric S Yuan, Zoom’s CEO, explained that Zoom was primarily built for enterprise customers with IT support teams. “However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home”.
- Prepare a transparency report that details information related to requests for data, records, or content.
- Enhance its current bug-bounty program.
- Launch a CISO council in partnership with leading CISOs from across the industry to facilitate debate on security and privacy best practices.
- Engage a series of simultaneous white-box penetration tests to further identify and address issues.
- Start next week, Yuan will host a weekly webinar on Wednesdays at 10 am PT to provide privacy and security updates to the Zoom Community.
LIFARS Project Management as a Service (PMaaS) is designed to assist you to successfully plan and deliver time-constrained high- profile security projects. Our highly proficient projects managers with an extensive background in addressing various security projects including major incident response and pre-breach controls implementation are astute to address your urgencies. LIFARS’ experienced Project Managers can fully manage or rescue your sensitive projects while focusing on the below:
- Quickly planning while considering cultural intangibles and key stakeholders’ needs.
- Productively executing to ensure schedule, cost, and quality are met as planned.
- Smoothly transitioning to ensure adequate operations.