Zoom, which stopped developing new product features on Friday so it could focus on addressing various privacy and security issues, further suppressed security vulnerabilities in weekend.
On Saturday, the company activated default password settings and waiting rooms for users at its basic free level and for those with a single account at the cheapest paid level, such as K-12 education accounts. All appointments that use a personal meeting ID (PMI) will now require a password, and password settings that have been disabled will be reactivated. As a result, passwords will be required for instant meetings, for participants who will join by phone and when a new meeting is scheduled.
Zoom CEO Eric Yuan acknowledged in an interview with CNN on Monday that the company «went too fast» because the COVID-19 crisis was unfolding and should have strengthened security. to protect users . The company also acknowledged in response to an investigation by the University of Toronto’s Citizen Lab that your encryption efforts require more work.
The company has seen an increase in the use of its platform in recent weeks, as self-isolation in response to the pandemic has increased the demand for video software. As its popularity exploded, both for business and personal use, and the company’s share price rose, the vulnerabilities behind the platform became apparent.
Referring to the latest security changes, Zoom said schools using its software will have the new password settings permanently locked, while others with free or paid accounts with a single authorized user can remove the requirements if I want.
(The Zoom feature of the waiting room has also been enabled by default to allow hosts to examine participants before allowing them to join a meeting.)
Meanwhile, the ElX Musk aerospace company, SpaceX, has apparently banned the 6,000 employees from using Zoom for privacy and security reasons. according to Reuters . Zoom has also been criticized for a vulnerability that allowed hackers to do so steal passwords on Windows devices , although that defect has already been fixed.
More recently, the New York Department of Education has also banned the use of Zoom, and teachers and administrators have been unable to use it due to concerns about increasing Zoom, according New York Post . A letter to employees said that Zoom should be replaced by Google Hangouts Meet or Microsoft Teams.
Zoom’s CEO apologizes for the recent problems
Yuan posted a blog post last Wednesday detailing the company’s response and said that for the next 90 days Zoom will direct the resources needed to “proactively identify, address and resolve issues.
«We are also committed to being transparent throughout this process. We want to do everything necessary to keep their trust, «he said.
The measures include a «freeze» on feature development, and Zoom engineers will focus on «trust, security and privacy issues».
The company also intends to work with «external experts» to review security for consumer use of its platform; creating a CISO council to discuss security best practices; create a transparency report on «requests for data, records or content»; extend the Zoom error reward program. and perform white box penetration tests to identify other security issues.
Yuan will also host weekly webinars to provide privacy and security updates.
Zoom must demonstrate that it is ready for company
Zoom goes «further» by putting its roadmap on hold addresses recent concerns said Raul Castanon, senior analyst for labor collaboration at 451 Research / S&P Global Market Intelligence. «This should help restore the confidence of business users, assuming that the company comes up with a clear list of improvements after the 90-day period.
«Zoom draws a lot of attention to the pandemic, and security concerns could be an opportunity for the company to show that it can address the privacy and security of its business customers,» he said.
However, Zoom still has a way to go in ensuring that its platform is ready for business use.
«Yuan contradicts his comment on Zoom’s development for enterprise customers» with full IT support «and not for a» wider set of users, «Castanon said. , but for most vendors, but the security flaws that have emerged show that the platform is not entirely entrepreneurial. Yuan could have been better. Without that comment. «
In another privacy incident, Zoom is being sued in California for sharing user data with Facebook. Zoom said in a Blog post from March 29 that he «has never sold user data in the past and does not intend to sell user data in the future» and that he will remove the Facebook SDK (software development kit) from his iOS client, which he said is responsible for collecting data from the device.
Castanon praised the way Zoom handled privacy issues with the Facebook SDK.
«The zoom will be fine, but this incident will continue to affect Facebook’s reputation,» he said. «Mark Zuckerberg should pay close attention to Eric Yuan’s detailed response to how Zoom addresses security and privacy issues.»