Zoom promises to fix its security flaws and publicly apologizes

Zoom promises to fix its security flaws and publicly apologizes

The popular Zoom video conferencing app has been in the spotlight in recent weeks for several security and privacy flaws. There have been several episodes that the company has starred in and now its CEO, Eric S. Yuan, has publicly apologized on the company’s blog.

Zoom promises to fix bugs in less than three months

It all started when we discovered that the Zoom app shared usage and location data with Facebook, later we saw how the calls are not encrypted from end to end despite the fact that both the app and the website indicated it. Shortly after we learned about the somewhat questionable techniques that the app used to install itself on Mac computers, where it falsified a system warning to obtain privileges and installed without the user’s permission. Finally, we learned that these practices make a Mac with Zoom installed susceptible to privilege escalation attacks and camera and microphone access without user consent.

With all this the company has issued a statement signed by its CEO trying to calm many users who are already looking for alternatives. The team takes three months to fix the various security flaws that it will focus all of its engineers on, pausing the development of new functions. For this process Zoom will meet with external security experts as well as Zoom users to “understand and ensure the safety of all users in all cases”.

User reactions and alternatives

While Zoom focuses on solving all the security flaws that have appeared, several companies have stopped using their services, the last and best known is SpaceX. The company Elon Musk has banned its employees to use the app Zoom citing “important issues for privacy and security.” Apple, for its part, no longer initially allowed Zoom to be used by its employees, instead recommending FaceTime, Slack, and WebEx / Jabber.

On a personal level, we have several alternatives to using Zoom. If our interlocutors have an Apple product, the best option is to use FaceTime. Apple’s video calling platform allows up to 32 participants and uses end-to-end encryption so that only the participants in the conversation can access it, not even Apple has access.

Other security-centric alternatives include Signal, which is even recommended by Edward Snowden, and allows us to make calls and video calls in a fully encrypted way, or Wire, an open-source client with end-to-end encryption, based in Switzerland and funded by the Co-Founder of Skype.

More widespread or well-known options, many of which do not offer end-to-end encryption, we find Microsoft’s well-known service Skype, the aforementioned Slack, which integrates chat, audio and video in a single app, Google Hangouts, WhatsApp, which does use encryption, Google Duo, Discord, Facebook Messenger, etc.

Although a business meeting is very different from a casual conversation with friends, it is always recommended to use the platforms and services with the best features regarding security and privacy. Something to hide? Nothing, but everything could be taken out of context.