My father-in-law reached out to me yesterday to ask if I had heard anything about Zoom and user privacy issues. At the time, I had not, except for that webserver issue, which I believe they fixed. It turns out there is more than one problem. From The Guardian:
A number of security flaws affecting Zoom have been reported in the past and as recently as this week. In 2019, it was revealed Zoom had quietly installed a hidden web server on user devices that could allow the user to be added to a call without their permission. And a bug discovered this week would enable hackers to take over a Zoom user’s Mac, including tapping into the webcam and hacking the microphone.
The company said on Thursday it had issued a release to fix the Mac issue, but the number of security issues with Zoom in the past make it as bad as malicious software, said Arvind Narayanan, an associate computer science professor at Princeton University.
“Let’s make this simple,” he said. “Zoom is malware.”
I think we’re all living on Zoom these days, which is scary to think about when you consider that Zoom does not have end-to-end encryption as advertised. And Zoom sends iOS user data to Facebook for advertising purposes even if the user does not have a Facebook account!
Global crisis or not this isn’t good. Not good at all. The company has announced it is shifting engineering resources to address all of these concerns but this is more than three strikes for me—I’m out.