Every Security Issue Uncovered so far in the Zoom Video Chat App

posted by martyb on Monday April 20, @01:38AM   Printer-friendly [Skip to comment(s)]
from the 200-Million-Daily-Telescreens?-See:-"1984" dept.
upstart writes in with an IRC submission for Bytram:

Zoom: Every security issue uncovered in the video chat app:

As the coronavirus pandemic forced millions of people to stay home over the past month, Zoom suddenly became the video meeting service of choice: Daily meeting participants on the platform surged from 10 million in December to 200 million in March.

With that popularity came Zoom's privacy risks extending rapidly to massive numbers of people. From built-in attention-tracking features to recent upticks in "Zoombombing" (in which uninvited attendees break into and disrupt meetings with hate-filled or pornographic content), Zoom's security practices have been drawing more attention -- along with at least three lawsuits against the company.

Here's everything we know about the Zoom security saga, and when it happened. If you aren't familiar with Zoom's security issues, you can start from the bottom and work your way up to the most recent information. We'll continue updating this story as more issues and fixes come to light.

The story provides a day-by-day list with details of what was reported. Apologies as there are no anchors in the story to which we could provide links. The dates and headlines are excerpted below. See the original story for the details.

April 16
Two new massive Zoom exploits uncovered
Zoom to revamp bug bounty
April 15
$500,000 price tag for new exploit
April 14
Suit filed against Facebook and LinkedIn
New privacy option for paid accounts
April 13
500,000 Zoom accounts sold on hacker forums
April 10
Pentagon restricts Zoom use
April 9
Senate to avoid Zoom
Singapore teachers banned from Zoom
German government warns against Zoom use
April 8
Fourth lawsuit
Google bans Zoom
Bug bounty hunters emerge
New security advisor and council
Classroom security
Usability versus security
IDs hidden
Weekly webinars
AI Zoombomb
April 7
Taiwan bans Zoom from government use
April 6
Some school districts ban Zoom
Zoom accounts found on the dark web
Zoom seeks to grow its lobbying presence in Washington
Urging an FTC investigation
Third class action lawsuit filed
April 5
Calls mistakenly routed through Chinese whitelisted servers
April 4
Another Zoom apology
April 3
Zoom video call records left viewable on the web
Attackers planning 'Zoomraids'
Zoom apologizes, again
Second class action lawsuit filed
Congress requests information
April 2
Automated tool can find Zoom meetings
More plans for Zoombombing
Data-mining feature discovered
April 1
SpaceX bans Zoom
More security flaws discovered
Apologies from Yuan
March 30
The Intercept investigation: Zoom doesn't use end-to-end encryption as promised
More bugs discovered
First class action lawsuit filed
Letter from New York Attorney General sent
Classroom Zoombombings reported
March 27
Zoom removes Facebook data collection feature
March 26
Motherboard investigation: Zoom iOS app sending user data to Facebook

Original Submission


