Skip to the content
W.Media
  • Home
  • Company
  • Conventions
  • Digital Events
  • Contact Us
  • Home
  • Company
  • Conventions
  • Digital Events
  • Contact Us
  • Tech News
  • Digital Week
  • Tech News
  • Digital Week
search
×

Did Zoom do enough to prevent their plague of security breaches?

Published 15 April 2020

0 comments

Stuart
W.media | editor
Share on Facebook Share
Share on TwitterTweet
Share on LinkedIn Share

Zoom’s boom in popularity has left the video-conferencing platform vulnerable to cybercriminals exploiting the fear, uncertainty and rise in remote working driven by the coronavirus outbreak.

The vulnerabilities include user’s data being shared with Facebook and Zoom calls from non-Chinese users ‘mistakenly’ routed through Chinese data centers.

The word ‘Zoombombing’ has even been coined, as conferencing streams are being hijacked by unwelcome guests. 

Reports have surfaced of an online geography lesson in Singapore that was allegedly hacked by two men who shared explicit images. The Ministry of Education has since suspended the use of Zoom for teachers.

Security and privacy concerns over Zoom led organisations like Google, Elon Musk’s SpaceX, the US Senate, the Philippines’ telecom giant PLDT and the Taiwanese Government to ban their workers from using Zoom.

The video-conferencing tool has also been hit with a class action lawsuit by a shareholder who accused Zoom of overstating its security measures and failing to disclose the service was not end-to-end encrypted. The lawsuit came after Zoom’s shares fell by 25% in recent days, despite a huge stock spike of more than 100% since January.

With the plague of security issues facing Zoom, it begs the question of whether Zoom did enough to prevent it.

Zoom’s vulnerabilities identified as early as last year

In June 2019, Check Point disclosed a security flaw where their researchers were able to predict a Zoom Meeting ID with a high chance of success to gain unwanted access to a call. 

While the IT security specialists said Zoom made changes to mitigate the flaw, this is identical to what is now known as “Zoombombing”.

Check Point’s Head of Security Engineering for APAC Gary Gardiner said: “We would never have disclosed vulnerabilities to the wider audience if we didn’t feel that the company, and Zoom in this case, had actually gone through the appropriate checks and balances and made the changes that we would have said they needed to make.”

Zoom is making a number of changes, including upgrading their encryption and hiding meeting IDs.

Mr Gardiner added applications can still be vulnerable during a product’s development. These flaws can be exploited by threat actors particularly when a platform gains popularity very quickly like Zoom during the coronavirus outbreak.

Zoom’s daily usage went from 10 million meeting participants in December 2019 to a massive 200 million in March 2020.

To add another vulnerability to Zoom’s growing list, Mr Gardiner said he is seeing numerous copycat domains posing as the video communications provider. During the past week alone, Check Point witnessed a huge increase of more than 1,700 in domains with the word “Zoom” in the URL.

Zoom is not the only platform exploited by cybercriminals. Mr Gardiner discovered that Office 365 is a prime example of where threat actors are replicating websites which look like the real deal to steal corporate organisations’ credentials. 

He added that cyberattacks on mobile devices are increasing. This is because the URLs are much smaller and applications by organisations like OTT providers are easy to replicate.

As a security professional, Gary said he would like to see organisations like Zoom provide more online education for users to understand how to protect themselves.

How can you stay safe when using Zoom?

To stay safe online, some of the responsibility comes down to the user.

Mr Gardiner said: “From what we have seen with Zoom, there have been some basics that end users haven’t done very well.”

To stay safe when using Zoom and similar platforms, consider the following recommendations:

  1. Password protect your meetings and do not use the same password twice
  2. Use a randomly generated meeting ID provided by Zoom
  3. Lock your meetings once everyone has joined
  4. Only allow authenticated users from the same domain as your own  to join sensitive meetings
  5. Beware of copycat domains – check for spelling errors in the URL

Join in the cybersecurity conversation

The coronavirus outbreak has put into question the present and future state of the cybersecurity industry. With the threat of global attacks rising, the need for a strong cybersecurity plan is more important now more than ever.

Join industry experts for the free W.Media Inside Asia: Technology & Market Next Moves Power Talk on 30th April to explore the impacts of the pandemic on data centers, cloud, 5G, and cybersecurity. And discuss how we can survive and thrive in the post-coronavirus world.

Receive the latest news.

We'll keep you in the loop.

Great! now press

Featured Articles


DreamMark1: Shaping Korea’s tech dreams


How Edge Computing will exponentially grow the China market


Back To Tech News

More Articles

OVHcloud unveils APAC expansion plans

European data center services provider OVHcloud has upped... Read More

Panopto expands cloud video solutions with new data center in Australia

Equinix has beat analyst estimates for Q3 2020 and has... Read More

Netskope welcomes cybersecurity experts to the team amid Asia Pacific expansion

Netskope, a leading security cloud provider, announced... Read More

Toyota and Amazon Web Services partner to build cloud-based mobility services

Toyota and Amazon Web Services (AWS) have announced they... Read More

Logo

W.Media is Global B2B Tech Marketing
Company & Community Hub,

We Specialize in PR, Digital Media Marketing and Events Coordination
for the Cloud/IT, Datacenter, & Digital Transformation Industries.

  • facebook
  • linkedin
Quick Links
  • Company
  • Contact Us
  • Privacy Policy
  • Terms & Conditions
Offerings
  • Tech News
  • Digital Events
  • Conventions
  • Digital Week

Copyright © 2020 W.Media | All Rights Reserved

Receive the latest news.

We'll keep you in the loop.

Great! now press