Security researcher Patrick Wardle says he's found two new "Zero Day" vulnerabilities in popular video chat service Zoom - one of which allows a hacker to take control of a Mac user's microphone and camera.
Wardle, a Johns Hopkins' Computer Science post-grad billed as an ex-US National Security Agency (NSA) hacker, says although the user-friendly Zoom has become wildly popular during Covid-19 "It has a rather dismal security and privacy track record."
A spokeswoman for Zoom told the Herald, "We are actively investigating and working to address these issues [raised by Wardle]. We are in the process of updating our installer to address one issue and will be updating our client to mitigate the microphone and camera issue."
Wardle's accusations are just the latest in a series of privacy and security controversies centred on Zoom.
Kiwi security expert Daniel Ayers has questioned why our security agencies have approved the use of Zoom for our Prime Minister and Cabinet to discuss information classed as restricted.
Ayers has highlighted controversy over what he sees as Zoom's "misleading" claims about encryption and called on the GCSB to investigate alternatives.
The latest problems follow another vulnerability, exposed earlier this month, that allowed an attacker to steal a Zoom user's Windows credentials without them being aware.
The Covid-19 crisis has cast a spotlight on Zoom, a company founded nine years ago by its CEO Eric Yuan, now 50, after he defected from US company Cisco Systems and took about 40 engineers with him.
Yuan wanted to refine a concept he first dreamed up during the 1990s as a college student in China, when he dreaded the 10-hour train trips to see his then-girlfriend, now his wife.
Now Zoom is booming, just 11 months after it made its debut on the stock market. While the Standard & Poor's 500 index has fallen by 25 per cent since its record high on February 19, Zoom's stock has soared around 46 per cent as investors bet on its service becoming a mainstream staple in life after the coronavirus.