Dropbox Has Been Paying Hackers to Prove Zoom Security Issues Since 2018

A recent report explains that hackers have been investigating Zoom’s security problems for at least two years. The news comes as yet another surprising twist in the saga of the online video conferencing platform’s privacy issues, as it attempts to balance public perception and its growing audience.

Zoom’s security problems have already become about as obscene as online privacy stories can get. In just the last 50 days or so, Zoom has been on a roller coaster. First, it saw an astounding popularity explosion. Then, people developed concerns about its security risks. Those people faced real-world problems via Zoombombing. That problem was mocked online. People then unearthed problems from the past that weren’t part of the Zeitgeist since Zoom only recently became popular. Next, the company issued a public apology, but still, major corporations publicly disassociated themselves from Zoom.

It’s a huge mess, but apparently it shouldn’t have come as a surprise. One issue from years ago involved a flaw that allowed hackers to force some Mac users into Zoom chats, while remotely powering on their microphone and camera, even if they’d already deleted the client. The New York Times has released more information about that story, reporting that the hackers who discovered the exploit did so as part of a Dropbox-sponsored hacking competition over a year ago.

It’s a fairly typical practice for companies to employ professional hackers to test their security by legally hacking it. In this case, Dropbox deployed a team of engineers to test Zoom’s security since the company feared Zoom’s privacy issues (even in 2018) were too big of a risk. In addition to the Apple issue mentioned above, they also found flaws that gave hackers remote access to people’s entire computers.

Reports Suggest Zoom’s Problems Were Avoidable

The issue that allowed a hacker to completely gain control of a PC with Zoom installed was discovered during a hacking competition. Those results were shared with Zoom staff, which responded by… doing nothing about the flaw for months. Three months after the problem was revealed, another person found a less-threatening issue that connected to this problem, finally prompting Zoom’s founder to publicly apologize and fix it.

Of course, that’s one issue and it highlights the overall problem with Zoom: these security flaws could have been avoided. While there’s an argument that these issues are exacerbated by the insane popularity Zoom has gained as people adjust to working from home and socializing via video chat as a result of the coronavirus pandemic, problems with this absurd level of severity should have been solved years ago. Bear in mind that Zoom’s primary demographic before COVID-19 was the enterprise market, where businesses typically had IT departments setting up their video calls. All of Zoom’s issues that have been brought to light now existed back then and could have compromised sensitive data for thousands of businesses. The company was certainly aware of the potential dangers of these issues. The only thing they couldn’t have predicted was that Zoom would get as big as it has and emphasize its warts.