We have already reported that NASA, SpaceX and Google have warned their employees not to use Zoom. In addition, Taiwanese authorities, the Australian government, American schools, as well as the US Senate and the German Foreign Office, banned use of the application.
This week, the Indian authorities added to the list: the country banned the use of Zoom for holding remote government meetings, saying that the platform is not suitable for use by government officials. Let me remind you that this situation arose from the many security and privacy issues in Zoom.
“Due to harsh criticism from information security experts, in early April application development was stopped for 90 days, and the company was fully focused on improving security, and also promised to conduct an audit involving third-party specialists”, – report SecurityWeek journalists.
The company’s engineers have already eliminated many of the security problems discovered by experts, created a CISO council at the company, and invited Alex Stamos, the former head of Facebook security, to help with a comprehensive analysis of the platform’s security.
In particular, one of the platform's big problems is so-called “Zoom-Bombing”. Third parties often join Zoom video conferences (online lessons, business meetings, and so on) in order to disrupt the meeting or play a prank. Recordings of such pranks often appear on social networks some time later.
For example, this week, an American congressman said that in early April, attackers managed to disrupt a Zoom meeting held at the highest levels of the US government. A letter about the incident was sent to the chairman of the Ohio House of Representatives Oversight Committee.
“The document states that, despite all the warnings from the media and the FBI, officials used Zoom to hold a meeting, and as a result, the briefing was interrupted three times due to Zoom-Bombing”, – said the reporters.
Although it will definitely be difficult to restore Zoom’s reputation after all that has happened, the developers continue to follow their plan and devote all their time to improving security.
So, yesterday it became known that Luta Security, a company specializing in managing vulnerability disclosure programs and organizing bug bounty programs, became a Zoom partner. Cyber security veteran Katie Moussouris heads the company.
The founder of Luta Security is best known for coordinating bug bounty programs for Microsoft, Symantec and the Pentagon. Although Zoom previously offered rewards for vulnerabilities on the HackerOne platform, Luta Security will help update and improve that program.
In addition, Moussouris hinted on Twitter that other well-known experts will join Zoom in the near future.
“I’m excited to highlight my colleagues who are adding their expertise in the next few weeks. In addition to welcoming my former colleague @alexstamos to the extended Zoom security family”, — said Katie Moussouris.
Moussouris announced Zoom's collaboration with privacy specialist Lea Kissner (former head of Privacy Technology at Google), cryptographer and Johns Hopkins University professor Matthew Green, as well as three well-known audit firms: Bishop Fox, NCC Group and Trail of Bits.