Video conferencing app Zoom, in the coronavirus pandemic is an indispensable tool. However it’s privacy and security issues is a serious concern. Read on to know more…
Video conferencing app Zoom, in the coronavirus pandemic is an indispensable tool for every users working from home. However, Zoom app, which has seen its popularity skyrocket in the coronavirus pandemic, is in trouble after users complained to the FBI and security experts for the lack of users privacy and security.
Vulnerabilities
According to a recent report, Zoom app is prone to hacking, saying an unpatched bug can let hackers steal users Windows password. ‘The Hacker News’ reported that ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems. The report added that the latest finding by cybersecurity expert @_g0dmode, has also been “confirmed by researcher Matthew Hickey and Mohamed A. Baset,’
Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users.
Working Mechanism
The attack involves the “SMBRelay technique” wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it. The report claimed that “The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat,”
Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.
FBI Warning
The US Federal Bureau of Investigation (FBI) has warned people about porn material being popped up during the video meetings — as businesses, schools and colleges and millions of SMBs use video conferencing tool Zoom during the work-from-home scenario.
The Zoom app late last month updated its iOS app to remove the software development kit (SDK) that was providing users’ data to Facebook through the Login with Facebook feature.
Mitigation
Zoom has been notified of the latest bug but the flaw is yet to be fixed. “Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report.
Security experts suggested some measures for enhancing the security of Zoom meetings which included: Keeping the Zoom software patched and up-to-date and always set strong, difficult-to-guess and unique passwords for all meetings and webinars. This is especially recommended for any meetings where sensitive information may be discussed.
One can enable ‘waiting room’ feature so that the call manager will have a better control over participants; all participants can join a virtual ‘waiting room’, but they will be approved by call manager to be part of the actual meeting.
Operators of the platform can disable the ‘join before host’ feature as that lets others to continue with a meeting in the absence of an actual host this option enables the first person who joins the meeting to automatically become the host and will have full control over the meeting. Alternatively, ‘scheduling privilege’ may be given to a trusted participant to host the meeting in the absence of an actual host.