According to "The Intercept" Zoom has some issues, which can result in data leakage, privacy and apparently has encryption issues.
Does it have issues, during this crisis, as it is being actively used even by New Zealand Government agencies too for updates:
Or does someone have an agenda against the company?
There's always room for a good conspiracy theory isn't there? But, the IPO has passed and we are living with a deflated stock. Zoom software has always had some serious software defects that have been discussed in public for years. Did they ever fix them? No. Did anyone have the need to use their software? No. Times have changed. Now, they need to go back and re-engineer their product if they care about their reputation and stock price. Want more conspiracy? Just look at the 49 CVEs on record here. Btw those are just the published ones...
@AppDefects Thanks for the information - interesting that lots of new Zoom domains are being created actively every day: https://securityaffairs.co/wordpress/100752/cyber-crime/coronavirus-zoom-campaign.html
During this current worldwide situation. Seems they need to do a lot of work.
@AppDefectsYes, add another CVE against Zoom: They have some work to do:
The iOS SDK thing, I'll give them poor monitoring practice marks, but the fact that it was only iOS to Facebook seems to indicate that is what it was, poor development practices that allowed something to be enabled. If they were serious about monetizing that information, they would have done it with a lot more client types.
In the end, I think they are generally a good company and product. There are certainly risks associated, as always, but one can minimize them, and in the balance of what they provide, I think it is a net gain.
I just saw this one, and have to update my comments to say that I think they have more quality issues than I thought. Some of the articles seem to be piling on, but things like this one show that they have poor practices from a security standpoint, so the balance is tipping in risk/reward.
There are a significant number of security issues with Zoom, but, overall, it seems to be a possible tool, if you know, and accept, the specific risks.
At the moment, the major one seems to be the popularity. As previously noted, at the moment everyone wants to get on the Zoom/teleconferencing bandwagon, and everyone is trying to download the app. (The fact that the Apple App Store, the Google/Android Play Store, and the Microsoft Store all have apps called zoom that have nothing to do with teleconferencing doesn't make things any easier.) Just to be clear, we are talking about zoom.us, and if you download something from some other zoom domain you may be in (malware) trouble.
A lot of hackers seem to be having fun with the conference number guessing. Since conferences are identified and managed via a nine digit number, hackers can "join" your conference if they guess the right number. At the moment, this seems to be more of a game where they "share" pr0n (drat you, dreaded "community" pr0n filter) in the middle of family calls, and other such annoyances (and sometimes more than annoyances). At the moment there doesn't seem to be too much in the way of targetted attacks. You can use a "password" to "protect" you call, but, since it is only a (six digit?) number, I'm not sure how much protection there is against automated password sequencing.
Yes, Zoom seems to have a pretty cavalier attitude towards security and privacy. It may become the "Facebook" of teleconferencing. Be aware of the various threats, attacks, and vulnerabilities, but, particularly in the midst of this crisis, it may be an acceptable risk for the communications benefit. We, in the Vancouver Chapter, are trying to set up a virtual meeting and presentation, likely around April 17th. (In fact, I'm running a practice test, for those interested in Zoom meetings, in less than an hour:
Topic: Security SIG test meeting
Time: Apr 1, 2020 11:00 AM Vancouver
Join Zoom Meeting
Meeting ID: 679 324 276 )
Apologies if this upsets anyone: https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
It's just a headline from the Register UK source.
Even the Prime Minister of UK was caught using Zoom - crazy people.