Zoom Vulnerabilities with Patrick Wardle

Zoom video chat has become an indispensable part of our lives. In a crowded market of video conferencing apps, Zoom managed to build a product that performs better than the competition, scaling with high quality to hundreds of meeting participants and millions of concurrent users.

Zoom’s rapid growth in user adoption came from its focus on user experience and video call quality. This focus on product quality came at some cost to security. As our entire digital world has moved onto Zoom, the engineering community has been scrutinizing it more closely and has discovered several places where Zoom’s security practices are lacking.

Patrick Wardle is an engineer with a strong understanding of Apple products. He recently wrote about several vulnerabilities he discovered on Zoom, and joins the show to talk about the security of large client-side Mac applications as well as the specific vulnerabilities of Zoom.


Transcript

Transcript provided by We Edit Podcasts.

