If you are using Zoom during the pandemic to manage your business, schooling or social engagements, check whether you are running the current version of this immensely popular video conferencing tool on your Windows, macOS, or Linux computers.
No, we are not talking about the arrival of the recently advertised “real” end-to-end encryption feature of Zoom, which seems to be available only to paid users. Instead, we will discuss the newly discovered security vulnerabilities in the software.
As offices and schools across the globe have been temporarily shut during the coronavirus crisis, the video platform Zoom has become an overnight success. But as its popularity has risen, several security issues have been noticed as well.
Experts such as Arvind Narayanan, an associate computer science professor at Princeton University, have spoken about the security vulnerabilities of Zoom. According to him, users who want to keep their accounts private must consider video chat options very carefully.
Zoom – A brief overview
A California-based company launched the Zoom app in 2019, when its estimated value was $16bn. It soon became the most widely used option for business meetings and other online events following shelter-in-place orders this year amid the Covid-19 crisis.
One undeniable reason behind its ever-increasing popularity is its easy-to-use features. It lets attendees share video publicly from anywhere, and viewers other than participants do not need to download the software on their devices to watch the event for free. That is a great facility if the content is not private. Another reason people prefer it to other video calling apps is that it lets a conference host add up to 100 participants. The audio and video are also crystal clear. Through this platform one can spend a virtual happy hour with friends or participants. Recently the company has made a small change for security reasons: it now requires passwords to join meetings.
Zoom – Security Issues
In spite of its high demand, Zoom has also had some serious issues regarding privacy and security. It is reported that hackers often enter chat rooms to abuse other users with racist comments and violent threats.
Cyber security researchers from Cisco Talos have identified two critical vulnerabilities in the Zoom app that would have enabled hackers to remotely attack the systems of group meeting participants or of any individual recipient.
Experts claim these flaws are path traversal vulnerabilities that hackers exploit to write or plant arbitrary files on the systems to manipulate the web application and gain access to sensitive information.
Researchers found that successfully exploiting these flaws takes zero or very little interaction from the targeted chat room participants. An attacker only needs to send maliciously crafted messages through the chat feature to an individual or a group.
The first security vulnerability (CVE-2020-6109) concerns the way Zoom uses the GIPHY service, which was recently acquired by Facebook. The service lets users search for and exchange animated GIFs in chat messages. Researchers found that the Zoom application did not check whether a shared GIF image was being loaded from the Giphy service or not. This flaw allowed an attacker to embed GIFs from a malicious third-party server. Moreover, the Zoom software did not sanitize filenames, which let attackers achieve directory traversal and store malicious files disguised as GIFs in any location on the victim’s system, for example, the system folder.
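The two missing checks described for CVE-2020-6109 (source validation and filename sanitizing), plus a content check for files disguised as GIFs, can be sketched as follows. This is an added example and not Zoom's code; the cache directory, the ID format and the function names are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Assumed for this sketch: cache location and ID format are hypothetical.
CACHE_DIR = "/tmp/chat_gif_cache"
GIF_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")

class RejectedGif(ValueError):
    """Raised when a chat GIF fails one of the checks."""

def is_giphy_url(url):
    """Accept only https URLs whose host is giphy.com or a subdomain of it."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == "giphy.com" or host.endswith(".giphy.com"))

def cache_path_for(gif_id, cache_dir=CACHE_DIR):
    """Map a sender-supplied ID to a file that must stay inside cache_dir."""
    if not GIF_ID.fullmatch(gif_id):
        raise RejectedGif("ID contains characters outside the allowlist")
    base = os.path.realpath(cache_dir)
    path = os.path.realpath(os.path.join(base, gif_id + ".gif"))
    # Defense in depth: the resolved path must still sit under the cache.
    if os.path.commonpath([base, path]) != base:
        raise RejectedGif("path escapes the cache directory")
    return path

def check_gif_message(url, gif_id, body):
    """Run all three checks; return the cache path or raise RejectedGif."""
    if not is_giphy_url(url):
        raise RejectedGif("GIF is not served from Giphy")
    if body[:6] not in (b"GIF87a", b"GIF89a"):
        raise RejectedGif("content is not a GIF image")
    return cache_path_for(gif_id)

def verdict(url, gif_id, body):
    """Return the cache path, or a 'rejected: ...' string for logging."""
    try:
        return check_gif_message(url, gif_id, body)
    except RejectedGif as exc:
        return "rejected: " + str(exc)

if __name__ == "__main__":
    gif = b"GIF89a" + b"\x00" * 10  # constructed sample bytes
    print(verdict("https://media.giphy.com/media/abc123/giphy.gif", "abc123", gif))
    print(verdict("https://files.example/abc123.gif", "abc123", gif))
    print(verdict("https://media.giphy.com/media/x/giphy.gif", "../../startup/x", gif))
```
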
Another remote code execution vulnerability (CVE-2020-6110) was discovered in the way vulnerable versions of the Zoom application process code snippets shared using the chat feature.
The company also had to fix technical flaws that would have helped hackers to unlock a Zoom user’s Mac. Zoom has patched both glaring flaws with the release of version 4.6.12 of this video chat app for Windows, macOS, or Linux computers. It also modified some of its policies after a news report was published alleging that Zoom sends data from its iOS users to Facebook for advertising purposes.
The chief executive of Zoom, Mr. Eric Yuan, said in a recent blog post that he felt “deeply sorry” for the inconvenience caused to users by “privacy and security issues”.
He also explained that the company could not anticipate the sudden surge in worldwide demand for its online video conferencing app due to the lockdown crisis, so it had not designed the system with the expectation that its new user base could exploit it in so many unexpected ways.
Zoom has removed some controversial features as well. This includes an “attention-tracking” option that notifies a host as soon as the system suspects a call participant is trying to access something else.
Some users also complained about Zoom’s default settings. These settings allow any zoombomber on a call to abruptly blast hateful text and images onto other users’ computers through its screen-sharing feature. Initially this feature was created for its core user base of businesses. In the current situation Zoom changed that default for schools, allowing only teachers to share their screens while taking classes.
The video host can also record the call without participants’ explicit approval. Call participants are notified when the conference video recording starts and can leave the class if they wish.
Zoom representatives say that the company does not monitor online meetings and saves chat messages and video recordings only if hosts initiate such storage. Videos are recorded on Zoom’s servers or the host’s device, and participants are notified if the host plans to record the live stream.
Despite the fact that hackers have obtained over half a million account login details of Zoom users and put them on the dark web, its user base continues to grow. It has turned out to be the best social app during the Covid-19 lockdown. Unless you are discussing something strictly private or sensitive information that can be dangerous when leaked, you can safely use it. The next time you use it for teleconferencing, ask the participants to sign in with a password. That will make it less vulnerable to Zoom bombing.