Zoom made a big mistake. And took 4 months to fess up about it.

Thursday, July 11, 2019 by Snacks

Enter your passcode on the touchtone keypad... to listen to Zoom's brutal security flaw. What's given Zoom a cult corporate following is its easy-to-use video conference calling. On Monday, we learned about the bug: If an attacker sends you a malicious Zoom link, it opens your Mac webcam automatically — exposing your life. The flaw is bad. Zoom's response was worse.

Enter Jonathan Leitschuh... The software engineer side-hustles as a security flaw hunter. Here are highlights of the awkward series of events he detailed in the blog post that exposed the Zoom issue.

  • March 8: Jon tweets at Zoom he found a problem (gets no response).
  • March 26: He emails Zoom, warning he’ll disclose the flaw in 90 days (he even offers a quick fix).
  • March 27: Jon is offered a "bug bounty" by Zoom (payment from Zoom for finding the problem), which he refuses to accept.
  • June 21: Zoom says the flaw is fixed!
  • July 7: The fix stops working!
  • July 8: So Jon tells the world.

THE TAKEAWAY

Investors vote in real-time via Wall Street... Despite the security flaw, the flubbed fix, and a beloved CEO's belated apology, shares didn't drop (they've actually risen since Monday). The bug's most likely impact on Zoom would've been customers leaving or lawsuits arriving. The stock's reaction signals Wall Street may not be worried about either.
