Zoom, the videotelephony application that became popular overnight, is full of bugs and other security problems. Hackers and malware exploit user data through this software. The application became popular just after the coronavirus lockdown came into effect. There is no doubt about its performance, though: it does its job perfectly and efficiently.
Security concerns, however, are why the company is suddenly seeing a drop in its active user base. Hackers steal user credentials using the application. The company is now ready to fix these issues: Zoom has started a complete revamp of its security department.
Zoom has hired a cybersecurity outsourcer named Luta Security, which specializes in bug bounty procedures and sustainable security handling. Katie Moussouris, CEO of Luta Security, is also the person behind the bug-fixing programs of Microsoft, Symantec, and the Pentagon.
I’m excited to highlight my colleagues who are adding their expertise in the next few weeks. In addition to welcoming my former colleague @alexstamos to the extended Zoom security family
I’d like to welcome @LeaKissner @matthew_d_green @bishopfox @NCCGroupInfosec @trailofbits pic.twitter.com/fQV5cce3aq
— Katie Moussouris (she/her) (@k8em0) April 16, 2020
How is Zoom’s security procedure going?
Zoom is planning to use the same procedure as its previous venture, HackerOne, while Luta Security is taking advice from the entire cybersecurity community. Moussouris hopes to help Zoom reach security heights that were previously out of reach.
The company is also getting help from Alex Stamos, former CSO at Facebook. These new specialists are part of Zoom’s new security-tightening procedures. The coronavirus pandemic has helped this videotelephony company reach bigger heights. The active user base is now growing: it has gone from 10 million active users in December 2019 to almost 200 million users today.
In @zoom_us's privacy/security webinar, @alexstamos says "in a matter of weeks" they'll be upgrading ciphers to AES-256 GCM.
And in the long-term, they're building an E2E encryption option, have a number of PhD cryptographers working on hard problems. More announcements soon.
— Micah Lee (@micahflee) April 15, 2020
There are a lot of issues with the app’s code: privacy errors, poor user data management, and a custom encryption scheme. But this is not the big concern, because recent reports show that Zoom sends data to Chinese servers. This is only partially true, however: Zoom itself does not send the data; malicious attackers exploit the site and do so.
Zoom currently uses 256-bit AES in ECB mode for encryption. The company plans to make it secure by adding 256-bit AES-GCM encryption. This will definitely stop attackers from exploiting user data.