Friday, April 03, 2020
Zoom apologises for flaw that could allow attackers to acquire Windows password, promises to fix issues

FP Trending Apr 03, 2020 14:59:48 IST

Video conferencing app Zoom has surged in popularity amid the ongoing coronavirus lockdown. However, the app recently faced a lot of flak when two researchers claimed to have found a loophole that can allow attackers to acquire Windows passwords.

The researchers said hackers can also silently access a user's MacBook and tap into its webcam and microphone.

Zoom chief executive Eric S Yuan has apologised for the security issues and promised to look into the concerns.

Yuan said that usage of Zoom had far surpassed what they expected when they launched it in late February.

“As of the end of December last year, the maximum number of daily meeting participants, both free and paid, was approximately 10 million. In March this year, we reached more than 200 million,” he added.

The Zoom CEO admitted that despite working around the clock, the service had fallen short of security expectations, adding, “for that, I am deeply sorry.”

According to Yuan, Zoom now has a much broader set of users who are utilising the product in a number of ways, presenting them with challenges they did not anticipate.

As per a report by the BBC, ex-NSA (National Security Agency) hacker Patrick Wardle first identified a series of issues in the video conferencing app.

Yuan described a series of steps they would be taking to tackle the problem over the next 90 days, including:

  • Sanctioning a feature freeze with immediate effect and shifting engineering resources to focus on safety and privacy issues
  • Conducting a comprehensive review with third-party experts and representative users to ensure security of all new cases
  • Creating a transparency report that details information related to requests for data, records, or content
  • Enhancing the current bug bounty programme
  • Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices
  • Engaging a series of white-box penetration tests to further identify and address issues

Yuan also added that starting next week he will host a weekly webinar on Wednesday to provide privacy and security updates to the community.

