{"id":34405,"date":"2020-04-14T14:32:56","date_gmt":"2020-04-14T14:32:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31115\/Zoom-Every-Security-Issue-Uncovered-In-The-Video-Chat-App.html"},"modified":"2020-04-14T14:32:56","modified_gmt":"2020-04-14T14:32:56","slug":"zoom-every-security-issue-uncovered-in-the-video-chat-app","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/","title":{"rendered":"Zoom: Every Security Issue Uncovered In The Video Chat App"},"content":{"rendered":"

\"14-zoom-app-meetings-work-from-home-coronavirus\"<\/span><\/span>Sarah Tew\/CNET<\/span><\/p>\n

As the coronavirus pandemic<\/a><\/span> forced millions of people to stay home<\/a><\/span> over the past month, Zoom suddenly became the video meeting service of choice: Daily meeting participants on the platform surged from 10 million in December to 200 million in March<\/a><\/span>.<\/p>\n

With that popularity came Zoom’s privacy<\/a> risks extending rapidly to massive numbers of people. From built-in attention-tracking features to recent upticks in “Zoombombing<\/a>” (in which uninvited attendees break into and disrupt meetings with hate-filled or pornographic content), Zoom’s security practices have been drawing more attention — along with at least three lawsuits against the company. <\/p>\n

Here’s everything we know about the Zoom security saga, and when it happened. If you aren’t familiar with Zoom’s security issues<\/a><\/span>, you can start from the bottom and work your way up to the most recent information. We’ll continue updating this story as more issues and fixes come to light.<\/p>\n

Read more<\/strong>: Using Zoom for work? Here are the privacy risks to watch out for<\/a><\/span><\/p>\n

\n
\n
<\/div>\n

Now playing:<\/span> Watch this:<\/span><\/span> Zoom privacy: How to keep spying eyes out of your meetings<\/p>\n

5:45<\/span><\/p>\n<\/div>\n<\/div>\n

\n
\n

CNET Coronavirus Update<\/h2>\n<\/p>\n<\/div>\n
\n

Keep track of the coronavirus pandemic.<\/p>\n<\/p><\/div>\n<\/div>\n

April 14<\/h2>\n

New privacy option for paid accounts <\/h3>\n

In a Tuesday blog post<\/a>, Zoom said that, starting April 18, all paying subscribers will be be able to select which of the company’s regional servers they would like to use or avoid. The move follows an investigation by City Lab<\/a> that found Zoom call traffic had been routed through Chinese servers, which prompted privacy concerns based on the Chinese government’s ability to obtain encryption keys. <\/p>\n

April 13<\/h2>\n

500,000 Zoom accounts sold on hacker forums<\/h3>\n

Cybersecurity intelligence firm Cyble discovered that over 500,000 Zoom accounts are being sold on the dark web and hacker forums, according to a Monday report from Bleeping Computer<\/a>. The accounts are being sold for less than a penny each, with some being given away for free. Zoom users are advised to change their passwords and to check the data breach notification site, Have I Been Pwned<\/a>, to help determine whether their email addresses were among those leaked in the attack. <\/p>\n

April 10<\/h2>\n

Pentagon restricts Zoom use<\/h3>\n

The Department of Defense issued new guidance on the use of Zoom, as reported Friday by Voice of America<\/a>. While the Pentagon’s new rule allows the use of Zoom for Government, a paid service tier of the software, a spokesperson told VOA that “DOD users may not host meetings using Zoom’s free or commercial offerings.” <\/p>\n

April 9<\/h2>\n

Senate to avoid Zoom <\/h3>\n

The US Senate told members to avoid using Zoom<\/a><\/span> for remote work during the coronavirus lockdown due to security issues surrounding the videoconferencing app<\/a>, the Financial Times reported Thursday. It reportedly isn’t an official ban, like Google issued for its employees, but senators were apparently asked to use an alternative platform. <\/p>\n

Singapore teachers banned from Zoom<\/h3>\n

Singapore’s Ministry of Education said it’s suspended the use of Zoom by teachers after receiving reports of obscene Zoombombing incidents targeting students<\/a> learning remotely. Channel News Asia reported that the ministry is currently investigating the incidents. <\/p>\n

German government warns against Zoom use<\/h3>\n

According to German newspaper Handelsblatt<\/a>, the German Ministry of Foreign Affairs told employees in a circular this week to stop using Zoom due to security concerns<\/a>. “Because of the associated risks for our IT system as a whole, we have, like other departments and industrial companies, also decided for the (Federal Foreign Office) not to allow the use of Zoom on the devices used for business purposes,” the ministry said in a statement. <\/p>\n

April 8<\/h2>\n

Fourth lawsuit<\/h3>\n

In a lawsuit filed Tuesday in federal court, Zoom shareholder Michael Drieu accused the company of having “inadequate data privacy and security measures” and falsely asserting that the service was end-to-end encrypted. Drieu also said that media reports and public admissions by the company on security problems have caused Zoom’s stock price to plummet<\/a><\/span>.<\/p>\n

Google bans Zoom<\/h3>\n

In an email to employees, which cited security vulnerabilities, Google banned the use of Zoom on company-owned employee devices and warned that the software will stop working on those devices this week. Zoom is a competitor to Google’s Hangout Meet app<\/a>. <\/p>\n

In an email to BuzzFeed, a Google spokesperson said employees using Zoom while working remotely would need to look elsewhere<\/a> and that Zoom “does not meet our security standards for apps used by our employees.” <\/p>\n

Bug bounty hunters emerge<\/h3>\n

Hackers<\/a><\/span> around the world have begun turning to bug bounty hunting, searching for potential vulnerabilities in Zoom’s technology to be sold to the highest bidder. A Motherboard report detailed a rise in the bounty payout for weaknesses known as zero-day exploits, with one source estimating that hackers are selling the exploits for $5,000 to $30,000<\/a>. <\/p>\n

New security advisor and council<\/h3>\n

Zoom brought former Facebook and Yahoo Chief Security Officer Alex Stamos on board after he defended the company on Twitter<\/a>. As reported by CNET sister site ZDNet<\/a>, Stamos said he joined the company as a security advisor<\/a> after a phone call last week with Zoom founder and CEO Eric Yuan, and that he’ll be working with Zoom’s engineering team.<\/p>\n

In a statement<\/a>, Zoom announced the formation of a chief information and security officer council and advisory board. The board’s goal will be to conduct a full security review of the company’s technology and will include, Yuan said, “a subset of CISOs who will act as advisors to me personally.” <\/p>\n

Classroom security<\/h3>\n

In an email, a Zoom spokesperson told CNET that the company is continuing to push for wider user education on existing security features and explained its move to secure classroom uses of the product.<\/p>\n

“We recently changed the default settings for education users enrolled in our K-12 program to enable virtual waiting rooms and ensure teachers are the only ones who can share content in class,” the spokesperson said. <\/p>\n

“Effective April 5, we are enabling passwords and virtual waiting rooms by default for our Free Basic and Single Pro users. We are also continuing to proactively educate users on how they can protect their meetings from unwanted intruders, including through our offering of trainings, tutorials and webinars to help users understand their own account features and how to best use the platform.”<\/p>\n

Read more<\/strong>: Zoombombing: What it is and how you can prevent it in Zoom video chat<\/a><\/p>\n

Usability versus security<\/h3>\n

In an interview with NPR, Yuan said the balance between security and user-friendliness had shifted<\/a> for him. <\/p>\n

“When it comes to a conflict between usability and privacy and security, privacy and security [are] more important — even at the cost of multiple clicks,” he said. “We’re going to transform our business to a privacy-and-security-first mentality.”<\/p>\n

IDs hidden<\/h3>\n

The company released a software update aimed at improving security, which removes the meeting ID from the title bar when meetings are taking place. As reported by Bleeping Computer, the move is meant to slow attackers who circulate screenshots of meeting IDs<\/a> on the open internet.<\/p>\n

Weekly webinars<\/h3>\n

Yuan held the first of Zoom’s promised weekly webinars, available on the company’s YouTube channel<\/a>, emphasizing the surge of users working from home due to the COVID-19 pandemic “far surpassed anything we expected.”<\/p>\n

Yuan said that prior to the surge, daily peak use of the product amounted to around 10 million users but that it now amounts to more than 200 million. Yuan also detailed the company’s mistakes during the surge: Zoom’s user-facing security features aren’t friendly enough for the average user, and enterprise-focused tools like its attention-tracking feature<\/a> don’t make sense for privacy-minded average consumers. <\/p>\n

Yuan also denied selling any customer data, and he recommended that users engage the software’s security features as often as possible. He also said the company is working on ensuring Zoom’s webinar tool has waiting room improvements, which allow meeting hosts to approve users before they can enter a meeting, but he didn’t have a timeline for completion. Another security feature in the works over the next 45 days is an encryption-standard improvement, and a renewed focus on protecting health-related data, he said. <\/p>\n

AI Zoombomb<\/h3>\n

Zoombombing<\/a> took a surreal turn when a Samsung engineer Zoombombed a colleague with an AI-generated version of Elon Musk. <\/p>\n

April 7<\/h2>\n

Taiwan bans Zoom from government use<\/h3>\n

Taiwan’s government agencies were told not to use Zoom due to security concerns<\/a>, with Taiwan’s Department of Cybersecurity authorizing the use of alternatives such as products from Google and Microsoft, according to a statement released Tuesday. <\/p>\n

April 6<\/h2>\n

Some school districts ban Zoom<\/h3>\n

School districts began banning teachers from using Zoom<\/a><\/span> to teach remotely in the midst of the coronavirus outbreak, citing security and privacy issues surrounding the videoconferencing app. New York’s Department of Education urged schools to switch to Microsoft Teams<\/span> “as soon as possible,” Chalkbeat reported<\/a>.<\/p>\n

Zoom accounts found on the dark web<\/h3>\n

Cybersecurity firm Sixgill revealed that it discovered an actor in a popular dark web forum had posted a link to a collection of 352 compromised Zoom accounts. Sixgill told Yahoo Finance<\/a> that these links included email addresses, passwords, meeting IDs, host keys and names, and the type of Zoom account. Most were personal, but not all.<\/p>\n

“One belonged to a major US health care provider, seven more to various educational institutions, and one to a small business,” Sixgill told Yahoo Finance. <\/p>\n

Read more<\/strong>: Zoombombing: What it is and how you can prevent it<\/a><\/span><\/p>\n

Zoom seeks to grow its lobbying presence in Washington<\/h3>\n

Zoom’s response to security concerns pivoted to Washington, DC. The company told Politico<\/a> it was looking to grow its lobbying presence in Washington, and had hired Bruce Mehlman, a former assistant secretary of commerce for technology policy under President George W. Bush. <\/p>\n

Urging an FTC investigation<\/h3>\n

In an open letter<\/a>, the Electronic Privacy Information Center urged the Federal Trade Commission to investigate Zoom and issue privacy guidelines for videoconferencing platforms. <\/p>\n

Sen. Richard Blumenthal, a Connecticut Democrat more recently known for spearheading  legislation that critics say could cripple modern encryption standards<\/a>, called on the FTC to investigate Zoom over what he described as “a pattern of security failures and privacy infringements.” <\/p>\n

Third class action lawsuit filed<\/h3>\n

A third class action lawsuit<\/a> was filed against Zoom in California, citing the three most significant security issues raised by researchers: Facebook<\/a> data-sharing, the company’s admittedly incomplete end-to-end encryption<\/a>, and the vulnerability which allows malicious actors to access users’ webcams. <\/p>\n

Read more:<\/strong> 10 free Zoom alternative apps for video chats<\/a><\/p>\n

April 5 <\/h2>\n

Calls mistakenly routed through Chinese whitelisted servers<\/h3>\n

In a statement, Zoom admitted that some video calls were “mistakenly” routed through two Chinese whitelisted servers<\/a> when they should not have been. Certain meetings were “allowed to connect to systems in China, where they should not have been able to connect,” it said. <\/p>\n

April 4<\/h2>\n

Another Zoom apology<\/h3>\n

“I really messed up as CEO, and we need to win their trust back. This kind of thing shouldn’t have happened,” Zoom CEO Eric Yuan told the Wall Street Journal<\/a> in a lengthy interview. <\/p>\n

Surveying the damage to the company’s reputation, Yuan described how Zoom pushed for expansion in an effort to accommodate workforce changes during the early stages of the COVID-19 outbreak in China. <\/p>\n

April 3<\/h2>\n

Zoom video call records left viewable on the web<\/h3>\n

An investigation by The Washington Post<\/a> found thousands of recordings of Zoom video calls were left unprotected and viewable on the open web. A large number of the unprotected calls included discussion of personally identifiable information, such as private therapy sessions, telehealth training calls, small-business meetings that discussed private company financial statements, and elementary school classes with student information exposed, the newspaper found. <\/p>\n

Attackers planning ‘Zoomraids’<\/h3>\n

Reporting from both CNET<\/a><\/span> and The New York Times<\/a> revealed social media platforms, including Twitter<\/a> and Instagram, were being used by anonymous attackers as spaces to organize “Zoomraids” — the term for coordinated mass Zoombombings where intruders harass and abuse private meeting attendees. Abuse reported during Zoomraids has included the use of racist, anti-Semitic and pornographic imagery, as well as verbal harassment.<\/p>\n

Zoom apologizes, again<\/h3>\n

Zoom conceded that its custom encryption is substandard<\/a> after a Citizen Lab report found the company had been rolling its own encryption scheme, using a less secure AES-128 key instead of the AES-256 encryption it previously claimed to be using. In a direct response<\/a>, Yuan said publicly, “We recognize that we can do better with our encryption design.”<\/p>\n

Second class action lawsuit filed<\/h3>\n

Tycko and Zavareei LLP filed a class action lawsuit against Zoom<\/a> — the second suit against the company — for sharing users’ personal information with Facebook.<\/p>\n

Congress requests information<\/h3>\n

Democratic Rep. Jerry McNerney of California and 18 of his Democratic colleagues from the House Committee on Energy and Commerce sent a letter to Yuan<\/a> raising concerns and questions regarding the company’s privacy practices. The letter requested a response from Zoom by April 10. <\/p>\n

\n
\n
<\/div>\n

Now playing:<\/span> Watch this:<\/span><\/span> Zoom responds to privacy concerns<\/p>\n

1:34<\/span><\/p>\n<\/div>\n<\/div>\n

April 2<\/h2>\n

Automated tool can find Zoom meetings<\/h3>\n

Security researchers revealed an automated tool was able to find around 100 Zoom meeting IDs in an hour, gathering information for nearly 2,400 Zoom meetings in a single day of scans, as reported by security expert Brian Krebs<\/a>. <\/p>\n

\n
\n

Automated Zoom conference meeting finder ‘zWarDial’ discovers ~100 meetings per hour that aren’t protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https:\/\/t.co\/dXNq6KUYb3<\/a> pic.twitter.com\/h0vB1Cp9Tb<\/a><\/p>\n

\u2014 briankrebs (@briankrebs) April 2, 2020<\/a><\/p><\/blockquote>\n<\/div>\n

The discoverable meetings were those left unprotected by passwords, but the tool was able to successfully generate meeting IDs up to 14% of the time, according to reporting from The Verge<\/a>. <\/p>\n

More plans for Zoombombing<\/h3>\n

Motherboard, meanwhile, discovered that 8chan forum users had planned to hijack the Zoom calls<\/a> of a Jewish school in Philadelphia in an anti-Semitic Zoombombing campaign.<\/p>\n

Data-mining feature discovered<\/h3>\n

The New York Times reported<\/a> that a data-mining feature on Zoom allowed some participants to surreptitiously have access to LinkedIn<\/a> profile data about other users.<\/p>\n

April 1<\/h2>\n

SpaceX bans Zoom<\/h3>\n

Elon Musk’s SpaceX<\/a><\/span> rocket company prohibited employees from using Zoom, citing “significant privacy and security concerns,” as reported by Reuters<\/a><\/span>. <\/p>\n

More security flaws discovered<\/h3>\n

Reporting from Motherboard<\/a> again revealed another damaging security flaw in Zoom, finding the application was leaking users’ email addresses and photos to strangers via a feature loosely designed to operate as a company directory. <\/p>\n

Apologies from Yuan<\/h3>\n

Yuan issued a public apology in a blog post<\/a>, and vowed to improve security. That included enabling waiting rooms and password protection for all calls. Yuan also said the company would freeze features updates to address security issues<\/a><\/span> in the next 90 days.  <\/p>\n

March 30 <\/h2>\n

The Intercept investigation: Zoom doesn’t use end-to-end encryption as promised<\/h3>\n

An investigation by The Intercept<\/a> found that Zoom call data was being sent back to the company without the end-to-end encryption promised in its marketing materials. <\/p>\n

“Currently, it is not possible to enable E2E encryption for Zoom video meetings,” a Zoom spokesperson told The Intercept. <\/p>\n

More bugs discovered<\/h3>\n

After the discovery of a Windows-related Zoom bug that opened people up to password theft, two more bugs were discovered by a former NSA hacker<\/a>, one of which could allow malicious actors to assume control of a Zoom user’s microphone or webcam. Another of the vulnerabilities allowed Zoom to gain root access on MacOS desktops<\/a>, a risky level of access at best.  <\/p>\n

\n
\n

Ever wondered how the @zoom_us<\/a> macOS installer does it\u2019s job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to \/Applications if the current user is in the admin group (no root needed). pic.twitter.com\/qgQ1XdU11M<\/a><\/p>\n

\u2014 Felix (@c1truz_) March 30, 2020<\/a><\/p><\/blockquote>\n<\/div>\n

First class action lawsuit filed<\/h3>\n

A class-action lawsuit was filed<\/a> against the company, alleging that Zoom violated California’s new data protection law by not obtaining proper consent from users about the transfer of their Zoom data to Facebook. <\/p>\n

Letter from New York Attorney General sent<\/h3>\n

The office of New York Attorney General Letitia James sent Zoom a letter<\/a> outlining privacy vulnerability concerns, and asking what steps, if any, the company had put in place to keep its users safe, given the increased traffic on its network. <\/p>\n

Classroom Zoombombings reported<\/h3>\n

Reporting cases of classroom Zoombombings, including an incident where hackers broke into a class meeting  and displayed a swastika on students’ screens, led the FBI to issue a public warning<\/a> about Zoom’s security vulnerabilities. The organization advised educators to protect video calls with passwords and to lock down meeting security with currently available privacy features in the software.  <\/p>\n

March 27<\/h2>\n

Zoom removes Facebook data collection feature<\/h3>\n

Responding to concerns raised by the Motherboard investigation, Zoom removed the Facebook data collection feature<\/a> from its iOS<\/a> app and apologized in a statement. <\/p>\n

“The data collected by the Facebook SDK did not include any personal user information, but rather included data about users’ devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space,” Zoom told Motherboard. <\/p>\n

March 26 <\/h2>\n

Motherboard investigation: Zoom iOS app sending user data to Facebook<\/h3>\n

An investigation by Motherboard<\/a> revealed that Zoom’s iOS app was sending user analytics data to Facebook, even for Zoom users who did not have a Facebook account, via the app’s interaction with Facebook’s Graph API. <\/p>\n

\n
\n
\n
<\/div>\n

Now playing:<\/span> Watch this:<\/span><\/span> YouTube at work on TikTok rival, Zoom’s privacy risks<\/p>\n

1:43<\/span><\/p>\n<\/div>\n<\/div>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":34406,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8580],"class_list":["post-34405","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerprivacyphoneflawcryptography"],"yoast_head":"\nZoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-14T14:32:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1092\" \/>\n\t<meta property=\"og:image:height\" content=\"728\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Zoom: Every Security Issue Uncovered In The Video Chat App\",\"datePublished\":\"2020-04-14T14:32:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/\"},\"wordCount\":2978,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg\",\"keywords\":[\"headline,hacker,privacy,phone,flaw,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/\",\"name\":\"Zoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg\",\"datePublished\":\"2020-04-14T14:32:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg\",\"width\":1092,\"height\":728},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-every-security-issue-uncovered-in-the-video-chat-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,phone,flaw,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacyphoneflawcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Zoom: Every Security Issue Uncovered In The Video Chat App\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/","og_locale":"en_US","og_type":"article","og_title":"Zoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-14T14:32:56+00:00","og_image":[{"width":1092,"height":728,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Zoom: Every Security Issue Uncovered In The Video Chat App","datePublished":"2020-04-14T14:32:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/"},"wordCount":2978,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg","keywords":["headline,hacker,privacy,phone,flaw,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/","url":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/","name":"Zoom: Every Security Issue Uncovered In The Video Chat App 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg","datePublished":"2020-04-14T14:32:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/zoom-every-security-issue-uncovered-in-the-video-chat-app.jpg","width":1092,"height":728},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/zoom-every-security-issue-uncovered-in-the-video-chat-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,phone,flaw,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacyphoneflawcryptography\/"},{"@type":"ListItem","position":3,"name":"Zoom: Every Security Issue Uncovered In The Video Chat App"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34405"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34405\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34406"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}