Posted by Bartłomiej Balcerak

Let's talk about the ZOOM application for a moment ... The platform, which has recently become very popular, has attracted the interest of not only users but also hackers. In a new article on our blog, we write about the vulnerabilities of the ZOOM application. What do you think about it?

Vulnerabilities in the ZOOM application

The coronavirus pandemic has completely changed the model of work and team meetings. In recent months the ZOOM application has become one of the most popular tools for remote meetings and teleconferences. Although it is undoubtedly a convenient and effective form of online communication, it also brings risks. At the recent DEF CON 28 conference a security researcher revealed a number of weaknesses in the application. Before you use ZOOM, it is worth being aware of them.

Weaknesses of the ZOOM application revealed

During the DEF CON 28 conference, one of the speakers said that he had found and disclosed several vulnerabilities in the ZOOM application. These vulnerabilities largely concern the client for the Linux operating system. Fortunately, the vulnerabilities revealed were rated as medium severity. This is important given that the researcher also said that getting the vulnerabilities patched was awkward because cooperation with the owner of the ZOOM application was difficult.

ZOOM in the sights of hackers

With the growing popularity of the ZOOM application, we have recently seen a rash of vulnerabilities. At the end of July 2020 another person revealed a weakness with a much higher criticality level. It turned out that the PINs, that is, the passwords for meetings, could be guessed. Confidential meetings protected by a 6-digit code were open to attack. Hackers needed only a few computers to crack a meeting password and join the meeting within a few minutes. With access to everything being discussed, they could not only eavesdrop but also carry out harmful activities or disrupt the conference.
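A 6-digit code has only 1,000,000 possible values, so it holds up only if the service limits how many guesses it will evaluate. The sketch below is an added example, not ZOOM's code and not a description of ZOOM's fix: it counts failed attempts per meeting rather than per client, so spreading guesses over a few computers does not raise the attacker's budget. The class name, thresholds and traffic figures are assumptions chosen for illustration.

```python
import hmac
from collections import defaultdict, deque

KEYSPACE = 10 ** 6  # number of possible 6-digit numeric passcodes


class MeetingPasscodeGuard:
    """Counts failed passcode attempts per meeting, whichever client sent them."""

    def __init__(self, max_failures=5, window_s=600, lockout_s=900):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self._failures = defaultdict(deque)  # meeting_id -> failure timestamps
        self._locked_until = {}              # meeting_id -> unlock timestamp

    def check(self, meeting_id, supplied, expected, now):
        if self._locked_until.get(meeting_id, 0) > now:
            return "locked"  # refuse even a correct passcode while locked
        if hmac.compare_digest(supplied, expected):  # constant-time comparison
            return "ok"
        recent = self._failures[meeting_id]
        recent.append(now)
        while recent[0] <= now - self.window_s:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lockout_s
            recent.clear()
        return "denied"


def guesses_evaluated(guard, clients, rate, duration_s):
    """Constructed load: `clients` machines each send `rate` guesses per second."""
    evaluated = guess = 0
    for t in range(duration_s):
        for _ in range(clients * rate):
            result = guard.check("meeting-1", f"{guess % KEYSPACE:06d}", "999999", now=t)
            guess += 1
            if result != "locked":
                evaluated += 1
    return evaluated


if __name__ == "__main__":
    n = guesses_evaluated(MeetingPasscodeGuard(), clients=4, rate=10, duration_s=3600)
    print(f"guesses evaluated in one hour: {n} of {KEYSPACE}")
```

The trade-off is that legitimate participants are refused during a lockout as well, so the thresholds need tuning against that nuisance.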

Ethical and unethical hackers

In this case the hackers acted ethically: they detected the bug and reported it directly to the developers. The vulnerability was announced publicly only after the ZOOM developers had fixed the fault. However, you must remember the other side, i.e. unethical hackers who will use such vulnerabilities to carry out harmful activities. We do not know whether they were aware of this vulnerability earlier and, in the time before the error was detected and fixed, obtained and used confidential data.

ZOOM's weaknesses – can you protect yourself from them?

Since the beginning of the pandemic the ZOOM application has been experiencing a real boom. The number of users has increased significantly within a few months, and this has automatically translated into financial success for the company. It is worth knowing, however, that along with its popularity, its exposure to attacks and the interest of unauthorized persons in the tool have also increased. Unfortunately, the average user is not aware of application vulnerabilities or of the level of risk involved in using online tools. As always in such cases, caution and prevention are recommended: avoid discussing highly confidential topics or presenting sensitive data. Only in this way can you protect yourself from information leaking into the wrong hands.

 
