Zoom Security Consultant: 'A Bunch of Bugs Have Been Found and Fixed'

May 7, 2020
Since the coronavirus pandemic began, videoconferencing for remote working, learning, and social interaction has taken center stage, and so have companies that provide the service. Zoom went viral over the last few weeks as it ascended into household name status but later took a hit as privacy issues surfaced.
In a message this week, CEO Eric Yuan laid out the company's 90-day plan to focus the company 100 percent on security and privacy and to engage top experts to help. One of those experts is a former Facebook chief security officer, Alex Stamos, who joined Cheddar to discuss the changes the company is making.
"The goal of Zoom right now is to find ways to increase privacy for all of their meetings and provide options for users who have really strong security requirements," said Stamos, citing the many high profile Zoom meetings that have occurred over the last few weeks — including cabinet meetings held by UK Prime Minister Boris Johnson.
The company has taken major steps, such as hiring outside firms to simulate hackers to study how people are breaking into chats and meetings or, as it is now known, 'Zoom-bombing.' The videoconferencing firm is also working towards deploying end-to-end encryption for its users so that chats would become protected against would-be "bombers," but doing that is "a really complicated thing, especially with Zoom's scale," according to Stamos.
However, Zoom announced on Thursday that it acquired the company Keybase to be a vital part of reaching that encryption goal.
The company's shift towards focusing on security has not fallen on deaf ears, as the New York City Department of Education lifted its ban on using the platform for remote teaching. While the company continues to strive for a more secure video-chatting experience, Stamos assured Cheddar that already "a bunch of bugs have been found and fixed."
close
We use cookies and similar technologies on this site to collect identifiers, such as IP address, and cookie and device IDs as described in our Privacy Policy.