Zoom security issues: What's gone wrong and what's been fixed | Tom's Guide.

Zoom uses both asymmetric and symmetric algorithms to encrypt the chat session. Private keys are generated on the device and not shared. This ensures that the. Let's get straight to the point. For most organisations who have a decent degree of security measures in place, yes, Zoom is secure. But wait!      



Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process. But software vulnerabilities are just one of the many issues you should be concerned about. And do they understand the dangers of phishing scams? Luke Irwin is a writer for IT Governance. Until recently, you had probably never heard of the video conferencing software Zoom. So, which side of the divide should you be on? It prompted Zoom CEO Eric Yuan to respond to concerns in April , freezing feature updates to address security issues over a day update rollout.

Zoom saw explosive growth at the time, increasing its ranks from 2, to 6, employees from February to December By the end of Zoom's hiring boom, the software had become the first video communications client to attain Common Criteria certification, an international cybersecurity standard awarded after rigorous analysis. Though Zoom has added these and other security features like end-to-end encryption, there are still a few things you should watch out for to keep your chats as private as possible.

For paid subscribers, Zoom's cloud recording feature can either be a life-saver or a catastrophic faux pas waiting to happen. If the feature is enabled on the account, a host can record the meeting along with its text transcription and a text file of any active chats in that meeting, and save it to the cloud where it can later be accessed by other authorized users at your company, including people who may have never attended the meeting in question.

Zoom does allow a narrowing of the audience here, however. Administrators can limit the recording's accessibility to only certain preapproved IP addresses, even if the recording has already been shared. Participants can also see when a meeting is being recorded. In the spring of , Zoom rolled out two privacy improvements aimed at making users more aware of whether a meeting is being recorded. During a meeting, you can now look at the bottom of your in-app chat window near the text field where -- if the meeting is being recorded -- you'll see the message "Recording On.

Zoom also introduced a digital stop sign to alert people to bigger potential privacy exposures, in the form of a pop-up notification. When entering a meeting that is being recorded or streamed live, a window will appear informing you of the meeting's status and you'll first be required to consent to being recorded before you can proceed. If hackers use such code, they can turn any Mac device into a spying machine with Zoom.

Security researcher Felix Seele also shared his concerns about the way Zoom behaves like malware. He also said that Zoom can give unauthorized users root access.

Mac hacker Patrick Wardle showed how local unauthorized people can secretly tamper with or replace binary codes to gain root privileges. Both Zoom and Apple have fixed that bug in their updates. Zoom changed its localhost web server settings, which allowed Mac users to uninstall the Zoom app manually from the menu bar.

Seele also wrote a tweet saying that Zoom has fixed the auto-installation issue. After that, Motherboard (the platform that discovered the data sharing in the first place) confirmed in its article that Zoom has removed all of the code and the Facebook SDK to prevent such sharing in the future. However, there was another data handling issue Zoom was dealing with. On April 13, , Bleeping Computer published an article mentioning that the data for more than , Zoom accounts was up for sale on the dark web.

Zoom had a security vulnerability that could allow hackers to execute cross-site request forgery (CSRF) and crack its six-digit meeting password in just half an hour. In the same blog post, Anthony shared that Zoom took the web client offline and fixed the vulnerability. Furthermore, Zoom has also allowed users to manually change the default password and make it more complex by adding extra characters. Bugs are a common issue with different applications and software.

Talos, a cybersecurity firm, noticed that hackers could send malware by creating GIF files and code snippets. Another problem was that Zoom allowed users to send any type of file in its chat box, including: These file types can easily transport malicious code and corrupt the device wherever they are stored. However, where file types are concerned, Zoom has left it to the meeting hosts to decide which file types they would like to allow participants to share in chat.

Is Zoom secure? This Zoom screenshot shows how specific types of files can still be shared through the in-meeting chat feature. This gives meeting hosts the ability to limit which file types users can share. Part of the issue stems from the fact that Zoom meeting recordings are easily accessible on the cloud through predictable URL patterns. This is true even after you have deleted such videos from your account.

However, the structure of Zoom meeting URLs is still the same. All good applications have anti-tampering mechanisms to protect their systems from cyber attacks. A third-year college student wrote an article on syscall. DLL is a piece of software that consists of commands and codes. In summary, the data stays in the US only. There is something similar by Microsoft for Microsoft Teams. Ensure you do your research. They are either PDFs or websites.

At Cyber Management Alliance, we regularly conduct Cyber Crisis Tabletop Exercises for clients including banks, councils, sporting organisations, pharmaceuticals and more. Before the Covid pandemic, we conducted most tabletop exercises at the customer site or in special offsite locations. Since the beginning of March , we switched all cyber tabletop sessions to remote and started using Zoom. At that time it was the only one that offered breakout room functionality, a feature we rely on for successful tabletop and incident response testing exercises.

For the record, we have also used MS Teams and Google Meet for conducting crisis tabletop exercises without too many issues. Consequently, most, if not all staff, are out of office, at home or travelling. Pandemic or not, testing of Incident Response Plans through a virtual conference room only makes sense.

In our opinion, Zoom is pretty seamless, it rarely has technical glitches if everyone has a decent internet connection, you can share screens, put people in waiting rooms or breakout rooms, making it ideal for managing a cyber crisis, especially in the current business environment.

Better Alternatives to Zoom? Yes, there are too many to list here.

   

