Recently the Union home ministry has issued a warning raising a red flag for users of Zoom video-conferencing application and marked it as unsafe to use. Earlier, during the end of March, CERT-IN, India’s nodal cybersecurity agency had warned users about the vulnerabilities in the Zoom app.
In the current situation of lockdown due to Coronavirus pandemic, people are forced to work from home — they are using various communication and video conferencing apps to stay in touch and perform work from home activities. As such, Zoom, being one of the oldest available applications for video conferencing, is quite popular among its users. This current pandemic situation has made it all the more popular among millions of people worldwide.
This increased use of zoom has attracted the attention of cybercriminals and is being targeted by hackers the world over. Zoom application has a bad history of security flaws in its applications and the platform. In the past too, there have been a few serious security flaws discovered within the application.
What is the problem?
Recently in the past 2 months, there have been a few instances of serious vulnerabilities being reported in Zoom video conferencing software. The flaws such as UNC Path injection and SMBRelay techniques have made it riskier. The kind of attack that hackers are performing exploiting these flaws can compromise your Windows PC to steal login credentials of your computer, steal information from it and much more.
Amid this situation, it was also discovered by another hacker that Zoom’s iOS app sends users’ device information with Facebook, raising privacy concerns.
Recently during March-end, it was discovered that attackers have developed an automated tool called zWarDial which helps automate scanning of ongoing zoom meetings. Their goal is to find out meetings with no or weak passwords and enable access to these meetings for unauthorized attendees. With this tool easily available (sold on the dark web) there has been a surge in ‘ZoomBombing’ of meetings in the past 2 weeks — ZoomBombing is the term used when an individual gets the ability to hijack an ongoing meeting on the Zoom video-conferencing app.
Recently, there was news that 5,00,000 Zoom video conferencing user names and passwords were available on the dark web for sale.
In the current situation is it safe to use the Zoom video-conferencing app?
With so much attention by the hacking community, there has been sleeve of attacks on Zoom software with news about Zoom vulnerabilities and exploits being sold off the dark web for a few thousand dollars.
Hence, with so much happening around this video conferencing software, it is advisable to be very cautious while using Zoom.
Please follow the below steps:
- Ensure that you update your Zoom application on the PC as well as the app on mobile devices with the latest versions.
- Make sure you set a strong password for any zoom meetings that you schedule.
- Don’t share zoom meeting links over social media.
- Always end the meeting call and close the meeting — don’t just leave the meeting after it is over.
- Leverage on robust cybersecurity products to avoid cyberattacks.
Zoom guys have released patches/fixes for most of the reported vulnerabilities.
With the rise in the use of video conferencing software, hackers are going to target such platforms more aggressively. No matter what video conferencing software you use you have to be proactive about having strong passwords set and about using the latest updated software of the same. Also, having good security software installed and updated on your PCs and phones helps hugely to counter such attacks.