Zoom’s business partners were aware of the platform’s security flaws years before its recent surge in popularity during the COVID-19 pandemic.
A new report from the New York Times reveals that Dropbox was concerned about the flaws in Zoom, and was afraid that its own security may be compromised. Dropbox then started to privately offer rewards to hackers to find problems with the software.
The Dropbox engineers started to police Zoom’s security practices, and claimed that they were shocked by the numerous severe security flaws that the hackers found in the software’s code.
In 2018, Dropbox had privately paid hackers to find problems with the platform. Its own security engineers had also looked into the problems. Once the engineers shared their findings with Zoom, it took the platform months to fix the problems. Zoom allegedly only fixed the issues once another hacker publicized the flaws.
What’s interesting about these new findings is the fact that another tech company was the one to push Zoom to address its security shortcomings.
Zoom’s recent and sudden rise in popularity has led to the uncovering of several security and privacy issues, such as ‘zoombombing,’ which allow unauthorized users to enter meetings and display racist or pornographic images.
“I have no doubt that Zoom was better able to address the current ‘zoombombing’ craze thanks to Dropbox’s early involvement,” a former head of security at Dropbox told the New York Times.
Zoom recently hired former Facebook security chief Alex Stamos to help improve the platform’s security measures. This came after Zoom CEO Eric Yuan noted that the company “messed up” in launching a service that has been easily exploited by hackers and trolls.
Source: The New York Times