Zoom is seeing increased usage, exposing its major security flaws - The UpStream

posted Saturday Apr 4, 2020 by Scott Ertz

Teleconferencing platform Zoom has been around for a few years, but it has gained popularity courtesy of the current work-from-home scenario. While there's a lot of excitement around the app, there isn't anything particularly special about it. That is, assuming you don't consider the constant and massive security issues in the platform.

Since the increase in usage, new security issues have been discovered. The biggest issue is inherent in the design of the platform. Referred to as zoombombing or zoom-bombing, it involves people who are not supposed to be part of a Zoom call joining the call and causing havoc. This can be done in one of two ways. The most common is by randomly entering numbers until a call opens. This means that the bomber doesn't know what they are getting into but can still start posting inappropriate comments and photos. Even before the current environment, I have been involved in Zoom calls that had been zoombombed.

A more targeted but more limited approach is to watch the social media feeds of people who don't know how to use the internet. This has included prime ministers and other government officials, corporate executives, etc. These people share photos or screenshots of their Zoom conferences in some misguided attempt to look like they are still doing work in the wake of COVID-19. However, what they are doing is exposing the conference ID for their call, making it easy for anyone to join and disrupt.

In addition to posting inappropriate content, bombers were taking advantage of another issue in the Zoom platform. By including a malicious link in the chat of these random or targeted conferences, bombers were able to gain access to security information on the user's computer. That information includes computer passwords, in many cases exposing an entire computer network to compromise. With access to a corporate or government user's credentials, an attacker can do far more extensive damage. After knowing about the issue for an extended period, the company finally patched the flaw once it was publicly covered by tech publications.

This is not the first time Zoom has had serious security issues. Last year, another security vulnerability was discovered which allowed attackers to activate a Zoom call on another user's computer with the camera activated without the user's permission or knowledge. The issue only affected users of Zoom on macOS but was knowingly exploited.

Because the company is so susceptible to security and privacy violations, I have repeatedly recommended that people use another platform. There are plenty of other, better services that provide the same capability without the problems we see with Zoom. Try Skype, Teams, Slack, Google Hangouts, or Facebook Messenger instead.

