Covid-19 & APT

Zoom cybersecurity vulnerabilities

The advice and support from the UK government has directed a massive national transformation and shift for the day to day operations of most businesses. 

Most businesses and organisations are making use of working from home, allowing them to operate in current circumstances while building greater trust with employees.

The critical element that has allowed remote working to be effective for most organisations is due to advanced technology /software and forward-thinking staff. A popular video conferencing tool is Zoom Video Communications.

 

What is Zoom?

Zoom is an American based digital communications business that provides a cloud-based tool for online chat services and video conference telephony. Each chat can have up to 500 attendees.

Zoom is available on a variety of platforms and operating systems such as Mac OS and Windows OS. Like its rivals, Microsoft Teams and Cisco WebEx meetings claim to be the leader in modern enterprise video communications, with an easy and reliable cloud platform for video and audio conferencing.  

Zoom has appeared frequently in recent news for its security flaws leading to the exfiltration of confidential data via attacker access to webcam and audio facilities on previous versions of the application. Also, uninvited people can join a meeting if the Zoom app is not used carefully.

Even though Zoom has claimed to be a reliable cloud platform, the security flaws have caused a negative impact on the remote working culture.

 

Zoom Vulnerabilities (Past & Present)

Zoom has a record of security flaws that have been widely recognised due to the compromising of confidentiality, integrity, and availability of features and functions as well as data within Zoom Meetings.

If Zoom meetings are or have been part of your communication platforms during remote working, then you may be susceptible to these security flaws and threats.  With the value of your personal and business data, this may be a significant breach of confidentiality and a significant negative impact on your organisation’s privacy.

Furthermore, it is believed that Zoom is frequently working on patches to mitigate the security flaws within its application, intending to be a reliable cloud platform for conferencing. On 27th April 2020, Zoom released Version 5.0.0 (23168.0427) a patch for security flaws for issues where a subset of scheduled meetings was deleted when an invitee with scheduling rights declined the invitation.  Another Security flaw that reached the attention of many users is the UNC vulnerability that compromises Windows credentials.

Zoom patched a fatal error in the Zoom Windows client that permitted attackers to use its messaging feature to share malicious links that once clicked will leak the Windows network credentials of the victim.

Google security researcher Tavis Ormandy established that this vulnerability could also be used to launch any program already accessible on a targeted computer or execute arbitrary commands. Fortunately, the vulnerability is patched in the Zoom Windows client version: 4.6.9 which has been available since 2nd April 2020.

Current Vulnerabilities

Currently, we have found a vulnerability listed on their security page that gives us an insight into the current vulnerabilities that could affect your users.

Zoom help centre states: “Zoom was notified by a security researcher that several malicious Chrome and Firefox browser extensions capture browsing activity, which was then sold to members of an online service such as the Dark web. This is not a Zoom vulnerability, but rather a malicious browser extension mistakenly installed by Chrome users that would upload details of their browser history. Given the scale of Chrome and Firefox users, it is not surprising that some of the affected Chrome and Firefox users have hosted or joined Zoom meetings. Among the many websites observed were Zoom meeting URLs visited by users who had these browser extensions. From these URLs, it was possible to collect information, potentially including meeting URLs (including meeting IDs), page titles, referrers, visitors’ internet service provider (ISP), city, state, network domain, and timestamp of the visit”.

As a matter of attention, it is suggested to change your recurring meeting links and meeting passwords as well as remove and review any suspicious browser extensions.

For further reading on support and guidance on this matter feel free to access the Zoom help centre.

 

What is advised when using Zoom?

When using Zoom Meetings, security should be taken into consideration when using the application.

This will help mitigate any threats to the privacy of your data and users. Ideally, it is always recommended to use the latest version of Zoom, this will help ensure that all available patches have been implemented against any known vulnerabilities.

Additionally, due to historic credential breaches, existing users and business users who use Zoom for remote working should change their existing passwords as a caution. 

Best practices within the Zoom application include:

  • Require a Password to join meetings.
  • Only allow registered or Domain Verified Users, therefore giving you peace of mind by letting you know who will be attending your meeting.
  • Do not use Personal Meeting ID for Public Meetings.

The official Zoom Best practices guide has all the information you need to make sure you are as safe as possible using the software.

For further information on how to protect your business contact OmniCyber Security today.

Contact us..

Related Articles