Zoom apologises for major security vulnerabilities, promises fixes

Questions raised around Zoom security and safety

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Video calling app Zoom has announced it will be freezing product development to focus on boosting the security of its services following several high-profile security issues.

Ina blog post, CEO Eric S. Yuan revealed that Zoom saw 200 million daily meeting participants in March, a huge rise from the 10 million daily users it welcomed in December.

However he admitted that work in securing the app had not seen a similar scale of growth, and pledge to improve this going forward.

Zoom has seen an explosion in users over the past few weeks as workers around the world embrace a new era of working from home, but now its security protection is being called into question.

“Our platform was built primarily for enterprise customers,” Yuan said. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively,” Yuan added . “We are also committed to being transparent throughout this process.”

Zoom’s entire engineering team will now pivot to working on safety and security, with the company also planning a “comprehensive" review of its services along with third-parties.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Zoom has since attracted a lot of attention from security researchers and cybercriminals alike, with a number of worrying security flaws affecting Windows and Mac devices uncovered recently.

On Windows devices, one expert found that criminals could exploit a flaw in the Zoom chat feature to steal login details. Speaking on Twitter, the researcher known as @_godmode outlined how the part of Zoom’s chat feature that converts URLs into hyperlinks can also do the same for Windows networking UNC paths, turning them into a clickable link that if accessed, could reveal login information.

Another expert revealed two bugs affecting Zoom onAppleMac devices. One flaw would allow criminals to hijack a victims device, one of which exploited Zoom’s access rights on a device to give hackers control of the webcam and microphone.

A seperate flaw discovered by the same security researcher, Patrick Wardle, could allow a hacker to inject malicious code into Zoom’s installer program, giving access to the device’soperating systemand allowing them to install malware without the victimnoticing.

Zoom was also criticised earlier this week after it was discovered that the app doesnot offer end-to-end encryption, as promised on its website. Instead, it uses Transport encryption, a Transport Layer Security (TLS) protocol which means that although others won’t be able to access your data, Zoom will still be able to.

ViaBleeping Computer/CityAM

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Best Linux distro for Windows users of 2024

Twingate Business VPN

Best genealogy tool of 2024