Like most people, you’re probably using Zoom to organize or attend virtual meetings. This is because the world is under lockdown due to the Coronavirus pandemic. But, in the past few weeks, there have been concerns about Zoom security issues for those using this platform to host virtual social gatherings, online classes, and meetings.
This issue is affecting a large number of people. That’s because Zoom is arguably the most popular of these types of platforms. That’s because it’s easy to set up and allows you to add up to 100 people to a single meeting.
Unfortunately, this also makes Zoom attractive for cybercriminals who are now “bombing” public Zoom meetings. A lot of online security experts say that the Zoom platform has a lot of online security holes for troublemakers to exploit.
These Zoom security issues are also caused by a lackluster privacy policy. This allows the platform to use user data as they see fit.
This has obviously led to a backlash from Zoom users. It includes several public schools in New York City which have since banned the organization of public Zoom meetings. This trend was followed by distance learning platforms from Singapore and other countries.
These and other Zoom security issues and privacy concerns have led people to seek out alternative platforms such as Skype instead of Zoom. This is because it’s a safer albeit older video conferencing app. There’s also Google Hangouts which some people are using as well.
Zoom is Safe to Use
These Zoom security issues are a major source of concern to people who’re starting to think that this platform is unsafe to use at all. Truth is, it’s not that black and white.
Zoom is generally safe if you have nothing to hide, especially if what you’re discussing is mostly public knowledge anyway. However, it might be problematic for users who are discussing sensitive information such as corporate or state secrets for example.
For people who use Zoom as a platform for workplace meetings, get-togethers, and school classes, Zoom is relatively safe to use. Kids will absolutely love this platform. It comes with the ability to integrate a wide variety of fun Snapchat filters.
However, it’s important to use Zoom with full knowledge of the risks associated with it including hackers that might try to infiltrate your devices and coming across several fake Zoom domains complete with Zoom-themed malware that will affect the devices involved.
The good news is that Zoom is fixing these loopholes as soon as they’re identified. This is in an effort to make their platform safer for people to use. And Zoom really needs to get on with the act of cleaning up its platform. It should make it safer because it’s becoming increasingly popular as a conferencing tool due to its ease of use and features.
Zoom Will Fix All Issues
According to the founder and CEO of Zoom Eric S. Yuan, the platform is aware of the safety loopholes and how they’re affecting user security. During the same interview, Yuan stated that they’d be placing all platform development on hold. This is until they deal with the privacy and security issues faced by users.
According to Yuan, they’re well aware of the blunders they’ve allowed to happen. They failed to apply the right security and privacy measures. The company admitted that they initially developed the software for large enterprises that had experienced in-house IT staffers who could navigate the software with better stealth.
Yuan also stated that they now have an unexpectedly larger group of users who’re utilizing the software which presents very unique challenges that they could never have predicted when creating it. However, this is a good thing because it means that they’re able to uncover these loopholes in order to do something about it.
The company is now shifting its focus to privacy, safety and trust issues that have since emerged from the unbridled popularity of its platform.
Zoom has announced that it would conduct a wide-ranging review of these different aspects. This is with the help of the actual users and third-party experts. This process has been activated to ensure that Zoom will offer better security and privacy in the future.
Some of these safety features have already been activated and include things like default passwords for all Zoom meetings. But, being a liberal platform Zoom still allows users to choose whether or not to activate this feature. However, it’s advisable to use this feature to avoid Zoom bombing.
According to the former chief security officer at Yahoo and Facebook, Alex Stamos, Zoom has approached him to collaborate on improving the platform’s privacy and security. Since stepping down from both Facebook and Yahoo, Stamos is now an adjunct Stanford professor who is highly respected within the IT security community.
Zoom Zero-Day Exploits Are on Sale
According to a report by Vice, hackers are at the point where they’re currently auctioning two-day Zoom exploits to unsuspecting users.
Then you have zero-day hacks that are designed to exploit software vulnerabilities that the platform developers haven’t yet discovered. A lot of these unscrupulous attacks are difficult to identify and defend against.
According to sources who came forward to Vice as well, the zero-day attacks are mainly targeting Windows users and are designed to allow cyber-attacks to happen directly on the user’s laptop or PC. However, you have to be on the same Zoom call with the attack in order to be affected and this activity has an asking price of up to $500,000.
According to the source, the perpetrators behind these attacks are likely bored kids who are just letting off some steam.
macOS users aren’t safe either because they’re faced with a similar zero-day attack which has not been fixed yet either.
500,000 Zoom Accounts Compromised
Criminal marketplaces around the world are currently selling or even giving away Zoom credentials, including 500,000 usernames and passwords.
This attack is known as credential stuffing and it’s not necessarily caused by a data breach on Zoom’s part. Basically, the wrongdoers do this by unlocking the accounts first in order to use the credentials from previously utilized and compromised accounts. However, this attack mainly works if a user utilizes the same credentials for several different accounts.
Basically, it’s not really Zoom’s fault that this is happening and its source is unknown.
2,300 Login Credentials Available Online
According to IngSights research data, there’s a certain online criminal platform where over 2,300 Zoom credentials are being shared. This is yet another in a long list of Zoom security issues that are a cause of concern among users.
This affects personal accounts and corporate accounts as well, which belong to software vendors, healthcare providers, educational facilities, consultancy firms and banks to name but a few.
Due to the small number of accounts related to this particular breach, there’s reason to believe that it doesn’t necessarily come from compromised Zoom software on the backend. It’s also worth noting that the credentials stolen were not the same.
Some included host keys, while others targeted meeting IDs, passwords and/or emails. A lot of these stolen credentials came from other companies or agency databases that are relatively small compared to the larger database that Zoom keeps.
Lastly, credential stuffing is characterized by an attempt by cybercriminals to login to a website using passwords and email address credentials that are “likely” to work, and use that to harvest the best possible results. Zoom is really not to blame here because its source and current status are unknown.
Compromised Accounts on Sale
According to a Yahoo news report, compromised Zoom accounts are being traded on the web by cybercriminals as we speak.
This is according to Sixgill, an Israeli based cybersecurity firm whose specialty is underground online criminal activity monitoring. Sixgill reportedly found 352 Zoom accounts that are compromised including host keys, passwords, email addresses, and meeting IDs. A lot of these were schools, health providers and small business accounts, in addition to numerous personal ones.
This particular attack doesn’t appear to be an actual bug. Users can attempt to protect themselves from it by using different passwords for each account that they use to login to Zoom.
The Installer is Full of Malware
Trend Micro researchers found a Zoom installer known as a coin miner. This is a type of malware that has the ability to mine cryptocurrencies.
This Zoom installer can help the user install version 4.4.0.0 of the Zoom platform on any Windows PC. But it also comes with a Trojan coin-miner known as Trojan.Win32.MOOZ.THCCABO.
This coin miner basically works by fast-tracking the central processor unit of your PC. If you have a graphics card, you can use it to generate new cryptocurrency units. You can even solve difficult mathematical problems. Some of its initial signs include an acceleration of the fans in your PC and a high CPU/GPU use on Windows Task Manager.
The best way to protect yourself from this malware is to install a quality antivirus software. Avoid clicking on suspicious links that ask you to join Zoom meeting or install the software on your laptop. This is definitely a problem that Zoom can fix but as of this writing, it hasn’t been addressed yet.
Conclusion
Zoom security issues are worth worrying about if you’re someone that uses the platform to organize or attend meetings.
It doesn’t matter if you use Zoom for personal or professional purposes, it’s important to ensure that you’re aware of these issues so you can protect yourself from them.
For the most part, these issues can only be fixed by the company itself. Some even require the users to be proactive by using good quality antivirus software and avoid clicking on sketchy Zoom invitations software “updates.”
Are you using Zoom at the moment? Let us know in the comments what you think about this platform!
