With the outbreak of coronavirus, video meeting service Zoom has seen an unprecedented rise in usage as it's a free service. In fact, it was used by more than 200 million daily users in the month of March. While it has proven popular, however, critics are concerned about privacy issues with the service, and Zoom seems more open to criticism than ever before. This has meant interest not only from hackers but also from security experts.
One problem was found by security researcher @_godmode, who found a flaw that arises from the chat function, where the URL to hyperlink conversion also works with UNC paths, which when clicked, can reveal login information.
Two additional bugs on the Apple version have been identified, too, giving hackers free access to your webcam and microphone.
A more serious problem with the installer has also emerged, as the installer program can have code injected into it, giving hackers full access to the operating system.
And to top it all off, there is no end-to-end encryption, despite the program promising it. It instead uses TLS encryption, meaning that Zoom has full access to everything.
In response to these security flaws, Zoom CEO Eric Yuan has promised to improve security.