Well, Coronavirus 2019 (COVID-19) happened.
Okay, smart alec. I know about that. What else is going on?
Well, because so many people are (wisely) staying at home, they’re using videoconferencing and chat technology like Zoom to keep in touch with friends, family and colleagues.
In fact, Zoom says that daily usage has soared from approximately 10 million daily meeting participants in December 2019 to over 200 million today.
Zoom must be pleased.
I’m sure they are. Dealing with those kind of new user problems are the kind of problems you want to have, right? But massive increase in the service’s usage has also meant an increase in the number of security researchers taking a closer interest in Zoom.
And they’ve found problems?
Yes. And it’s not as if Zoom has a spotless record when it comes to privacy and security.
For instance, back in January, Zoom patched a bug that could have allowed an attacker to find and join active meetings.
And last July, Zoom fixed a security hole that could have allowed hackers to hijack Mac users’ webcams without their permission just by tricking them into visiting a malicious website.
Zoom didn’t do itself any favors by initially attempting to explain away that bug as a “legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings” and making veiled criticisms of the researcher who uncovered it.
And then it was revealed that Zoom was using underhanded tricks to bypass macOS’s built-in security and reinstall itself without permission on computers even after users had uninstalled the software. Apple wasn’t impressed by this practice, so much so that it issued a silent update to remove Zoom’s sneaky code from all Macs.
So, they’ve made mistakes in the past. What concerns are folks having (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/zoom-security-privacy/