Zoom, the safety Suffering Were Not a secret, business partners such As Dropbox

Zoom, the safety Suffering Were Not a secret, business partners such As Dropbox

A year ago, two Australian hackers have found themselves on an eight-hour flight to Singapore to participate in a live-hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided, ahead of hacking-Zoom, a video conferencing service, the knew was of the many Dropbox employees.

The Hacker soon we discovered a big vulnerability in the Zoom software, which allows would be attackers to secretly control certain user of Mac computers. It was just fear of the kind of error, the security engineers at Dropbox had to come, of Zoom, after three previous Dropbox engineers.

Now the Zoom video conferencing service has become the preferred communications platform for hundreds of millions of people resort to home, and reports about your privacy and security problems have greatly increased./p>

“Zoom” the defenders, including the big names in Silicon Valley venture capitalists, who say that the onslaught of criticism is unfair. They argue that the Zoom, which is originally designed for companies, could not have expected, would send a pandemic, that was the legions of consumers flocking to his service in the span of a few weeks and use it for purposes — to celebrate, such as the primary school classes and family — for never.

“Zoom” the sudden popularity — almost 600,000 people the app is downloaded on a single day in the last month has opened, which forced it to increased scrutiny by scientists and journalists, and the company, with a rash of ” security incidents.


Latest Updates: markets and companies


  • Oil falls as the storage capacity is running low, and a quirk in the pricing of scarves out of a benchmark.
  • Wall Street crashes in a day of volatile trading.
  • small business say, big banks ignored them in favor of the wealthy customers.

Three weeks ago, the warned F. B. I., there have multiple reports of trolls who are hijacking the public school, the classes, the you Zoom, the display of pornography, and make threats, malicious attacks, known as “zoom bombing.”

last week, Vice’s Motherboard blog reported that the security bug could allow Broker-selling access for $500,000 — to the critical Zoom security vulnerabilities, remote access to the computers of the users. Separately, Hacker more than half a million Zoom-user passwords and user names for sale on the so-called dark web.

April 1, Eric S. Yuan, Zoom’s chief executive, said the company would limit itself to safety with all of its engineering resources for the next 90 days and privacy. Last week, the company announced a revised reward system for hackers, the vulnerabilities in the code. Mr Stamos said, Zoom was also work to reduce on the design changes, the potential risks of security vulnerabilities and abuse, such as zoom bombing.

In a statement, Zoom, said he appreciated,” the researchers and the industry partners who have helped and continue to help us to identify problems, as we are constantly striving to strengthen our platform.” He added that the company is “working proactively to better identify, address and solve the problems.”

In a statement, Dropbox said it was “grateful to the Zoom for the first participation” in the dealer-bug-bounty-program. She added that Dropbox used a video conferencing service for internal meetings, and the Zoom was “a very important tool in the management of our teams.”

Before Zoom’s IPO in the year 2019, Dropbox made a $5 million investment in the company. Separately, Bryan Schreier, a Dropbox Director, is a partner at Sequoia Capital, the a $100 million investment in Zoom prior to the first offer.

Even critics acknowledge that the Zoom remains the most user-friendly video-conferencing service on the market and has become a critical tool for communication during the pandemic. Security researchers also praised the Zoom for the improvement of the reaction times — quick to patch the last bugs and remove features presented risks to the privacy of the consumer.

“Zoom” is not the first tech company, and its sudden rise in popularity is exposed to, his problems. Microsoft, Twitter, Google, Facebook, and Uber have all settled Federal charges for consumer safety or privacy.

What is different to Zoom the unusual role, the weaknesses of another tech company-Dropbox — has played the video conference service for your safety. Details on Dropbox’s role was not publicly known before.

Many businesses, including Zoom, have the “bug-bounty programs” where they pay hackers to turn on vulnerabilities in the software code. But Dropbox has integrated fact, its file-sharing services with a Zoom, something novel.

2018 Dropbox private pay top hackers, it worked regularly offered to find problems with the Zoom software. It even had its own security engineers to confirm the bugs, and look for similar problems before you to Zoom, according to the previous Dropbox engineers.

hackers have reported several dozen problems with the Zoom in the Dropbox, the former employees said. This moderate problems, such as the ability for attackers to take over users ‘ actions on the Zoom web-app, and more serious security vulnerabilities such as the ability of attackers to run malicious code on computers with Zoom software. Dropbox also has its own controls, to ensure that its integration with the Zoom is not a risk for the Dropbox user.

“Zoom” is known for security vulnerabilities began to spread, within Dropbox, the engineers said.

As part of an annual company-wide hacking contest in the year 2018, Dropbox engineers, a knockoff Zoom — they called it the “Vroom” and asked the staff to chop it. The Dropbox-employees successfully Vroom meeting codes that would have allowed to bring you to the crash to meet hypothetical Vroom. The idea of the exercise, former Dropbox told employees, was to teach Dropbox engineers to avoid some of the security mistakes made by Zoom.

Some of the former employees said, Dropbox also had to be prompted to Zoom leads to additional security measures, including a virtual waiting room-a function that allows the meeting organizers for the training participants, before we put them in a video conference.

“I have no doubt that the Zoom was in a better position the address of the current ‘zoom-bombing’ craze, thanks to Dropbox early” participation, Chris Evans, the former head of security at Dropbox, wrote in an E-Mail to a reporter.

Dropbox employees are not the only ones to find the problems. By the end of 2018, David Wells, senior research engineer at Tenable, a security vulnerability assessment company, put a severe error in the Zoom, which would have permitted to interfere with an attacker, a meeting — without even having to call. Among others, Mr. Wells reported that an attacker could, via a Zoom-screen controls to enter keystrokes and secretly install malware on your computer.

Mr. Wells was also the vulnerability, which allowed him to post messages in the Zoom-chats among others, the names of people and kick the people off meetings. Mr. Wells, the report said its findings directly Zoom, Zoom, had quickly patched the bug.

Released on Mon, 20 Apr 2020 18:31:29 +0000

Leave a Comment