Zoom is Doom: Total System Compromise

Source: Original Doom artwork from John Romero on Gamespot.

For months I’ve been warning people that using a Zoom client means a system should be treated as completely compromised.

TechCrunch in April 2020 reported it as “Zoom Doom

If you care about your security and privacy, perhaps stop using Zoom

My position has been clear, as I’ve written multiple times on this blog. Now this:

…they were able to take over the remote system running the Zoom client without any involvement from the victim; the exploit didn’t require the victim to click any links or open any attachments…

Here we are a year after Zoom Doom and it’s worse. See also the final order from the FTC, still not implemented by Zoom as of early April.

  • November 9, 2020 — FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
  • February 1, 2021 — FTC Gives Final Approval to Settlement with Zoom over Allegations the Company Misled Consumers about Its Data Security Practices

I can not emphasize enough just how broken the security culture of Zoom was that after harsh criticism of security they brought in the infamously disgraced CSO (biggest undisclosed breaches in history) to handle PR.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.