Some welcome good news on the COVID-19 front: Microsoft Corporation said it is stepping up its efforts to protect hospitals and other critical services from…
The tool was removed on Thursday as part of several sweeping changes Zoom made in response to snowballing security and privacy concerns. Zoom founder Eric Yuan said in a Wednesday post responding to the concerns that Zoom will freeze the development of its features and instead focusing on security and privacy issues.
“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address and fix issues proactively,” said Yuan. “We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”
With more employees working from home over the past few weeks due to the coronavirus pandemic, Zoom has ballooned in popularity to include 200 million daily meeting participants in March. To put that into context, the maximum number of daily meeting participants on Zoom in December was 10 million.
But questions over what data Zoom collects – and how it is secured – have also increased. On the privacy front, Zoom this week removed a feature in its iOS web conferencing app that was sharing analytics data with Facebook, after a report revealing the practice sparked outrage. According to the Motherboard report last week that originally disclosed the privacy issue, the transferred information included data on when a user opened the app, a user’s time zone, device OS, device model and carrier, screen size, processor cores and disk space.
The issue left the public — including New York attorney general, Letitia James — demanding more information about how Zoom secures user data. Some have even prohibited use of the video-conferencing app — including, according to Reuters, Elon Musk’s SpaceX rocket company, which cited “significant privacy and security concerns.”
On the security side of things, Zoom has now patched several recently-disclosed vulnerabilities – including two zero-day flaws uncovered this week in the conferencing platform’s macOS client version, and a UNC path injection vulnerability in the Zoom Windows client, which could enable attackers to steal Windows credentials of users.
Moving forward, Yuan said Zoom would be “enhancing” its current bug-bounty program, and creating white-box penetration tests to “further identify and address issues.”
“Transparency has always been a core part of our culture,” said Yuan. “I am committed to being open and honest with you about areas where we are strengthening our platform and areas where users can take steps of their own to best use and protect themselves on the platform.”