The enormous popularity Zoom is gaining due to the global lockdown is revealing more and more details about its security, privacy and other practices. However, doubts about the security of the service do not seem to be new: several former Dropbox employees say that the company paid hackers to find vulnerabilities in its partner Zoom, and thereby pressured it to improve its security.
According to statements made to the NYT, in 2018 Dropbox chose to encourage hackers and security experts to find bugs in Zoom and in other services Dropbox partnered with. There were two main reasons for this. First, some of the executives at Dropbox had also invested in Zoom, so it was in their best interest to improve the service. Second, Zoom is a communication tool which, although it has only now become popular, has been used for years in business and tech environments, and Dropbox itself had used it internally for years, which is why they wanted to make it safe.
In April 2019, Dropbox hosted a security event in Singapore where hackers were encouraged to find vulnerabilities in Dropbox and its partner products. They indicate that one of the services they could have hacked was Zoom, through a vulnerability that allowed them to take control of Mac computers. Although Dropbox reported the issue to Zoom, it took Zoom months to fix it, and only once a similar vulnerability had appeared publicly.
Other practices at Dropbox included, for example, creating a Zoom clone app called Vroom. Employees were encouraged to hack it and thereby discover vulnerabilities that also existed in Zoom. The idea was for employees to learn from mistakes like those in Zoom. Finally, it is also mentioned that features like the virtual waiting room were a measure that Dropbox encouraged Zoom to implement.
The huge popularity caught Zoom by surprise: the service was never designed for such a large mass of users and was focused from the start on the business sector. While exposing vulnerabilities and privacy concerns is necessary, those involved in the tech industry call it unfair. Alex Stamos, former Facebook director and now Zoom advisor, said: “I don’t think a lot of these things were predictable.” Dropbox engineers say these issues have been going on for years, as Dropbox’s practices with Zoom suggest.
Zoom, for its part, reacted to all these problems by announcing a total of 90 days devoted exclusively to improving the security and confidentiality of the service, without focusing on adding new features. It is a containment strategy with which they hope to improve Zoom’s tools and security measures for users, and in particular for the service's new approach, which is no longer so business-oriented and is more commercial, with a presence in homes, schools and all kinds of organizations.
At SamaGame, we have contacted Zoom to find out their position on this. We will update the article if we get a response.