- Tram Ho
People often say ‘at risk’, but actually ‘inside is also at risk’, the security problems that Zoom encountered in March proved it.
Due to the Covid-19 epidemic, many countries around the world had to implement a ‘social gap’, which led to the fact that everyone had to work from home, making online meeting and working applications expensive. Thanks to its ease of use and many utilities that can be used for free, Zoom has become the biggest star in the online meeting application market.
By the end of March 2019, Zoom ‘s popularity had increased by so much: it topped the Google Play Store rankings, outstripping heavyweight rivals such as TikTok, WhatsApp and Facebook. This happened despite the existence of old video call applications such as Microsoft Skype, Teams, Google Duo, Hangout Meets and others.
However, in early April, many organizations and the Government warned about Zoom security incidents – called zoom-bombing, for example: hackers could gain access to an online classroom through Zoom. , then send sensitive messages, photos, even reveal the teacher’s address; Network security researchers conducted tests and found that the Zoom application does not have end-to-end encryption – the mandatory security standard of online messaging or video calling applications.
On April 3, Zoom apologized in a blog post for ” privacy concerns that users are facing “. Company CEO Eric S. Yuan confirms they are not ready to handle too many issues that arise (in terms of security) when there are too many users in a short period of time.
In the following days, although Zoom rushed to fix those security vulnerabilities, there were continuous restrictions on using Zoom from the New York Department of Education – the United States and the internal ban of the German Foreign Ministry, then Thuong. The US institute also requires employees to use other software instead of Zoom.
Zoom CEO – Eric S. Yuan. Photo: FT
Facing this situation, in addition to officially apologizing to the parties, Zoom also quickly rushed to revive the confidence of consumers, organizations as well as the Government.
The first action of Zoom leaders is to hire Mr. Alex Stamos – former Security Director of Facebook to be an advisor for businesses. Besides, they quickly launched a 90-day campaign to improve security.
In early May, Zoom announced strong security improvements with the widespread launch of Zoom 5.0, marking an important milestone in the company’s 90-day plan to proactively identify, address, and improve security as well as privacy. With support for AES 256-bit GCM encryption, Zoom provides an extra layer of protection for meeting data and tamper resistance.
” I am very proud of completing this step in the 90-day plan, but this is just the beginning. We created this company to bring happiness to our customers. I believe we will win it.” their trust and bring happiness by their steadfast focus on providing the most secure platform , “said Eric S. Yuan.
Mr. Oded Gal, Production Manager of Zoom said more specifically: Zoom sees users’ privacy and platform security comprehensively. From the system to the features, to the user experience, all are carefully considered.
As for the back-end (system management), Zoom 5.0’s AES 256-bit GCM encryption method will enhance the data security of users during transmission. As for the front-end (the user interface part), what makes Oded Gal most interesting is the Security icon on the meeting menu bar. This makes Zoom’s existing and newly added security features a central focus for meeting organizers.
With millions of new users, this will ensure they have immediate access to important security control options during their meetings.
On May 8, the business announced that it had completed the acquisition of Keybase, a secure file sharing and messaging service. Through the acquisition, the addition of a team of security and encryption engineers will help Zoom accelerate end-to-end encryption development plans to keep pace with current growth.
” The world now has end-to-end encrypted communications platforms, some have security systems that can be easily deployed, and some meet, ” said Eric S. Yuan, CEO of Zoom. However, we believe that no platform currently integrates all of these capabilities.
Zoom wants to build and provide users with security features, ease of use, and flexible scaling of all sizes. The first step is to gather the right team. The Keybase team has a wealth of experience in security and encryption, so Zoom is pleased to welcome Max and his team. With these security experts in attendance, our 90-day security enhancement plan will be expedited faster . ”
Max Krohn, co-founder and developer of Keybase.io, replied: ” We are excited to join Zoom. With our strengths in security and privacy, we are honored to be able to meet Keybase’s encryption expertise on a platform that is used by hundreds of millions of users every day. ”
In charge of Zoom’s security, the team from Keybase will play an important role in the 90-day plan when proactively identifying, addressing and improving Zoom’s security and privacy capabilities. Mr. Krohn will lead Zoom’s team of security engineers and report directly to CEO Eric Yuan. Zoom and Keybase executives will work together to determine the future of Keybase products. The terms of the deal were not disclosed.
Keybase was a startup launched in 2014 and currently has about 19 employees. It was adviser Alex Stamos who stepped forward the deal. Keybase successfully called for $ 19.8 million in investments in 2015.
Source : Genk