Zoom’s boom in popularity has left the video-conferencing platform vulnerable to cybercriminals exploiting the fear, uncertainty and rise in remote working driven by the coronavirus outbreak.
The vulnerabilities include user’s data being shared with Facebook and Zoom calls from non-Chinese users ‘mistakenly’ routed through Chinese data centers.
The word ‘Zoombombing’ has even been coined, as conferencing streams are being hijacked by unwelcome guests.
Reports have surfaced of an online geography lesson in Singapore that was allegedly hacked by two men who shared explicit images. The Ministry of Education has since suspended the use of Zoom for teachers.
Security and privacy concerns over Zoom led organisations like Google, Elon Musk’s SpaceX, the US Senate, the Philippines’ telecom giant PLDT and the Taiwanese Government to ban their workers from using Zoom.
The video-conferencing tool has also been hit with a class action lawsuit by a shareholder who accused Zoom of overstating its security measures and failing to disclose the service was not end-to-end encrypted. The lawsuit came after Zoom’s shares fell by 25% in recent days, despite a huge stock spike of more than 100% since January.
With the plague of security issues facing Zoom, it begs the question of whether Zoom did enough to prevent it.
Zoom’s vulnerabilities identified as early as last year
In June 2019, Check Point disclosed a security flaw where their researchers were able to predict a Zoom Meeting ID with a high chance of success to gain unwanted access to a call.
While the IT security specialists said Zoom made changes to mitigate the flaw, this is identical to what is now known as “Zoombombing”.
Check Point’s Head of Security Engineering for APAC Gary Gardiner said: “We would never have disclosed vulnerabilities to the wider audience if we didn’t feel that the company, and Zoom in this case, had actually gone through the appropriate checks and balances and made the changes that we would have said they needed to make.”
Zoom is making a number of changes, including upgrading their encryption and hiding meeting IDs.
Mr Gardiner added applications can still be vulnerable during a product’s development. These flaws can be exploited by threat actors particularly when a platform gains popularity very quickly like Zoom during the coronavirus outbreak.
Zoom’s daily usage went from 10 million meeting participants in December 2019 to a massive 200 million in March 2020.
To add another vulnerability to Zoom’s growing list, Mr Gardiner said he is seeing numerous copycat domains posing as the video communications provider. During the past week alone, Check Point witnessed a huge increase of more than 1,700 in domains with the word “Zoom” in the URL.
Zoom is not the only platform exploited by cybercriminals. Mr Gardiner discovered that Office 365 is a prime example of where threat actors are replicating websites which look like the real deal to steal corporate organisations’ credentials.
He added that cyberattacks on mobile devices are increasing. This is because the URLs are much smaller and applications by organisations like OTT providers are easy to replicate.
As a security professional, Gary said he would like to see organisations like Zoom provide more online education for users to understand how to protect themselves.
How can you stay safe when using Zoom?
To stay safe online, some of the responsibility comes down to the user.
Mr Gardiner said: “From what we have seen with Zoom, there have been some basics that end users haven’t done very well.”
To stay safe when using Zoom and similar platforms, consider the following recommendations:
- Password protect your meetings and do not use the same password twice
- Use a randomly generated meeting ID provided by Zoom
- Lock your meetings once everyone has joined
- Only allow authenticated users from the same domain as your own to join sensitive meetings
- Beware of copycat domains – check for spelling errors in the URL
Join in the cybersecurity conversation
The coronavirus outbreak has put into question the present and future state of the cybersecurity industry. With the threat of global attacks rising, the need for a strong cybersecurity plan is more important now more than ever.
Join industry experts for the free W.Media Inside Asia: Technology & Market Next Moves Power Talk on 30th April to explore the impacts of the pandemic on data centers, cloud, 5G, and cybersecurity. And discuss how we can survive and thrive in the post-coronavirus world.