What you need to know
- More concerning security issues have been found within popular video-conferencing app Zoom.
- They include an encryption vulnerability, servers in China, and an automated tool that can find 100 Zoom meeting IDs an hour.
- Zoom has already publicly apologized for previous issues, vowing to freeze new features for 90 days whilst it issues fixes.
Two separate reports have revealed further issues within popular video-conferencing app Zoom.
First up, a report from The Verge notes that a security professional has used an automated tool that can scour meetings to find ones that are not protected by passwords. Apparently, it was able to find 2,400 calls in a single day, extracting a link to the meeting, along with date, time, organizer and meeting topic information. From the report:
Automated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9Tb — briankrebs (@briankrebs) April 2, 2020
In a statement to The Verge regarding this issue, Zoom said:
A second, separate report from The Intercept, published today, claims that Zoom's encryption algorithm has "serious, well-known weaknesses" and that keys are being issued by servers sometimes based in China, even if all the participants are based in the US.
Zoom has not commented further on this issue, which was also reported by Forbes, which notes:
Security concerns regarding Zoom are now seemingly well noted in the community. The encouraging sign is that Zoom has taken notice, apologized and vowed to fix all of these issues over the next 90 days, freezing new features in the meantime.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple.
Didn't stop Boris Johnson using it!
Boris Johnson doesn't have the brains to know any better. The guy who is telling everyone to wash their hands and social distance, apparently got COVID-19. Someone didn't practice what they preach…