Zoom has decided to cease development of new product features so it can focus on fixing various privacy and security issues.

The company has seen a surge in the use of its platform in recent weeks, as self isolation in response to the Covid-19 pandemic ramps up the demand for video software. As its popularity has boomed – both for business and personal use – and the company’s stock price rocketed, underlying vulnerabilities in the platform have become apparent. 

“Zoom-bombing,” where intruders have been able to access video meetings that were not password protected, has led to serious privacy concerns, with uninvited attendees harassing online A.A. meetings and church meetings, for example. The FBI this week warned of unauthorized access to virtual classrooms and recommended that users change security settings to protect meetings. 

Meanwhile, Elon Musk’s SpaceX aerospace company apparently banned the use of Zoom by its 6,000 employees because of privacy and security worries, according to  Reuters. Zoom has also come under fire for a vulnerability that enabled hackers to steal passwords on Windows devices, though that flaw has since been addressed.

Zoom CEO apologizes for recent issues

In response to the growing concerns, Zoom CEO Eric Yuan published a blog post Wednesday detailing the company’s response. He said that over the next 90 days Zoom will direct necessary resources to “better identify, address, and fix issues proactively.

“We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust,” he said. 

Measures include a “freeze” on feature development, with Zoom engineers told to focus on “trust, safety and privacy issues.”

The company also plans to work with “third-party experts” to review security for consumer use of its platform; create a council of CISOs to discuss security best practices; create a transparency report in relation to “requests for data, records, or content;” expand Zoom’s bug bounty program; and conduct white box penetration tests to identify other security issues. 

Copyright © 2020 IDG Communications, Inc.

Source Article