Let's talk about the ZOOM application for a moment ... The platform, which has recently become very popular, has attracted the interest of not only users but also hackers. In a new article on our blog, we write about the vulnerabilities of the ZOOM application. What do you think about it?
Vulnerabilities in the ZOOM application
The corona virus pandemic has completely changed the model of work and team meetings. In recent months the ZOOM application has become one of the most popular tools for remote meetings and teleconferences. Although it is undoubtedly a convenient and effective form of online communication, it brings with it risks. At the last DEF CON 28 conference one of the security researchers revealed a number of weaknesses of the application. Before you use ZOOM it is worth to be aware of their existence.
Weaknesses of the ZOOM application revealed
During the DEF CON 28 conference, one of the speakers admitted that he found and announced several vulnerabilities in ZOOM application. These vulnerabilities are largely related to the client using the Linux operating system. Fortunately, the degree of criticality of the vulnerabilities revealed was determined on a medium level. This is important given that the researcher also admitted that the attempt to patch and fix the vulnerabilities was awkward due to the difficult cooperation with the ZOOM application owner.
ZOOM at the sight of hackers
Recently, with the growing popularity of ZOOM applications, we can observe a period of susceptibility rash. At the end of July 2020 another person also revealed a weakness that had a much higher criticality level. It turned out in the application that there is a possibility of guessing pins, or passwords for meetings. Confidential meetings, protected by 6-digit security, were available for hackers attacking. They only needed a few computers to crack the meeting password and join it in a few minutes. Having access to all discussed issues hackers could not only eavesdrop, but also conduct harmful activities or disrupt the conference.
Ethical and unethical hackers
In this case, there was an ethical activity of hackers who detected the bug and reported it directly to the developers. The public announcement of vulnerability took place after the fault was fixed by ZOOM developers. However, you must remember the other side, i.e. unethical hackers who will use such vulnerabilities to carry out harmful activities. Today, we don't know if they didn't know about this vulnerability before and for some time, to detect and fix the error, they didn't obtain and use confidential data.
ZOOM's weaknesses – can you protect yourself from them?
Since the beginning of the pandemic the ZOOM application has been experiencing a real boom. The number of users has increased significantly within a few months. This has automatically translated into financial success for the company. It is worth knowing, however, that along with its popularity, the exposure to attacks and interest in the tool by unauthorized persons increased. Unfortunately, the average user is not aware of the vulnerability of applications and the level of risk when using online tools. As always in this case, caution and prevention is recommended, not to touch very confidential topics and to present sensitive data. Only in this way you are able to protect yourself from information leakage into the wrong hands.