Zoom, a popular videoconferencing service, suspends its feature updates for 90 days. Just as it has seen explosive user growth as the world adapts to working from home, researchers have discovered many security and privacy concerns. The company therefore undertakes to take a break from the features to plug the holes.
According to a Zoom on the blog, the number of daily active users is much higher today than it has ever been before. While last December the company had an average of 10 million daily active users, it now sees somewhere closer to 200 million daily active users. It is a big success for the company, but it came at a cost.
A few months ago, the company was under fire from installation of secret web servers which allowed the websites to start your camera without your consent. Although the company has resolved this problem, security researchers have since discovered other security and privacy concerns.
The Windows version of Zoom has a particularly nasty bug that allows bad actors to steal your Windows credentials. It also seems that Zoom is not end-to-end encrypted, despite otherwise suggested marketing. And for a moment, Zoom was send your data to Facebook, even if you’re not using Facebook.
The company has already addressed some of these issues and is working on others. But in his blog post, he portrays the image of the two overwhelmed by the influx of users. In addition, the company claims to have designed the Zoom service primarily for business scenarios, where dedicated IT departments would likely apply security measures.
These are not good answers, however, and Zoom seems to know that. Thus, the company will suspend its work on the new features for 90 days to resolve the outstanding security problems. It has also increased its bug reward reward program.
These are encouraging steps to take and hopefully the company is doing better for the process.