It was also revealed that one vulnerable feature of Zoom – a hidden web server – allowed users to be added into a video call without their permission. Apple has released a silent update blocking this feature from Mac. Video call administrators were also able to access the personal information of participants, such as their IP address, location data, and device information. Zoom implemented a range of new security measures to combat these issues including the enabling of passwords to access a call and turning on the Waiting Room feature as a default, which will prevent participants from joining until the host is ready and removing the meeting ID from the title bar to prevent the accidental sharing of this information through screenshots.
Such faults saw Zoom hit by an investor lawsuit, in which shareholder Michael Drieu alleged that Zoom had “significantly overstated” the extent of the encryption on the platform and that the admission of this discrepancy accounted for a significant drop in the company’s share prices.
A further revelation showed that hackers were able to access a users’ Windows login name and password when users clicked a specific link in Zoom’s chat functionality. Hacker, Matthew Hickey, stated that this vulnerability can allow access to launch programs on your machine, providing it passes the security warning. Luckily, this feature can be blocked by following a few simple steps.
Principle security researcher at Jamf, Patrick Wardle, exposed another two bugs that can be used to take over a user’s Mac, including accessing their webcam and microphone. Wardle reported that the bugs in question are local security issues, meaning that in order to be utilized, “they required that malware or an attacker already have a foothold on a macOS system”. Zoom has not yet issued a claim in response to Wardle’s findings and have made no comment on how these bugs will be removed.
Following it’s sudden and sharp rise in popularity, it’s no surprise that Zoom has encountered some security and privacy problems. Founded in 2020, Zoom saw a 67% rise in usage from the start of the year to mid-March and has provided countless high profile companies and figures with easy access to business as usual. Raul Castanon, a senior analyst for workforce collaboration at 451 Research / S&P Global Market Intelligence, told ComputerWorld that founder, Yuan’s efforts to “skilfully navigate” these “unprecedented” challenges should not go unacknowledged and these measures along with hiring former Facebook CSO Alex Stamos as an outside adviser should help “Zoom improve its security and privacy practices”.
That being said, with multiple security breaches left unacknowledged, it may be advisable to find a more secure alternative to Zoom until all of their problems have been solved.