Did Zoom do enough to prevent their plague of security breaches?

April 2020 | Cybersecurity, News

Zoom’s boom in popularity has left the video-conferencing platform vulnerable to cybercriminals exploiting the fear, uncertainty and rise in remote working driven by the coronavirus outbreak.

The vulnerabilities include users’ data being shared with Facebook and Zoom calls from non-Chinese users being ‘mistakenly’ routed through Chinese data centers.

The word ‘Zoombombing’ has even been coined, as conferencing streams are being hijacked by unwelcome guests. 

Reports have surfaced of an online geography lesson in Singapore that was allegedly hacked by two men who shared explicit images. The Ministry of Education has since suspended the use of Zoom for teachers.

Security and privacy concerns over Zoom led organisations like Google, Elon Musk’s SpaceX, the US Senate, the Philippines’ telecom giant PLDT and the Taiwanese Government to ban their workers from using Zoom.

The video-conferencing tool has also been hit with a class action lawsuit by a shareholder who accused Zoom of overstating its security measures and failing to disclose the service was not end-to-end encrypted. The lawsuit came after Zoom’s shares fell by 25% in recent days, despite a huge stock spike of more than 100% since January.

With the plague of security issues facing Zoom, it begs the question of whether Zoom did enough to prevent it.

Zoom’s vulnerabilities identified as early as last year

In June 2019, Check Point disclosed a security flaw where their researchers were able to predict a Zoom Meeting ID with a high chance of success to gain unwanted access to a call. 

While the IT security specialists said Zoom made changes to mitigate the flaw, this is identical to what is now known as “Zoombombing”.

Check Point’s Head of Security Engineering for APAC Gary Gardiner said: “We would never have disclosed vulnerabilities to the wider audience if we didn’t feel that the company, and Zoom in this case, had actually gone through the appropriate checks and balances and made the changes that we would have said they needed to make.”

Zoom is making a number of changes, including upgrading their encryption and hiding meeting IDs.

Mr Gardiner added that applications can still be vulnerable during a product’s development. These flaws can be exploited by threat actors, particularly when a platform gains popularity very quickly, as Zoom did during the coronavirus outbreak.

Zoom’s daily usage went from 10 million meeting participants in December 2019 to a massive 200 million in March 2020.

To add another vulnerability to Zoom’s growing list, Mr Gardiner said he is seeing numerous copycat domains posing as the video communications provider. During the past week alone, Check Point witnessed a huge increase of more than 1,700 domains with the word “Zoom” in the URL.

Zoom is not the only platform exploited by cybercriminals. Mr Gardiner discovered that Office 365 is a prime example of where threat actors are replicating websites which look like the real deal to steal corporate organisations’ credentials. 

He added that cyberattacks on mobile devices are increasing. This is because the URLs are much smaller and applications by organisations like OTT providers are easy to replicate.

As a security professional, Gary said he would like to see organisations like Zoom provide more online education for users to understand how to protect themselves.

How can you stay safe when using Zoom?

To stay safe online, some of the responsibility comes down to the user.

Mr Gardiner said: “From what we have seen with Zoom, there have been some basics that end users haven’t done very well.”

To stay safe when using Zoom and similar platforms, consider the following recommendations:

  1. Password protect your meetings and do not use the same password twice
  2. Use a randomly generated meeting ID provided by Zoom
  3. Lock your meetings once everyone has joined
  4. Only allow authenticated users from the same domain as your own to join sensitive meetings
  5. Beware of copycat domains – check for spelling errors in the URL
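
The copycat-domain check in item 5 can be automated for meeting links arriving by email or chat. The sketch below is an added example, not code from Check Point or Zoom; it assumes `zoom.us` is the only domain your organisation treats as genuine, and every URL in it is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: adjust this allowlist to the domains your organisation trusts.
OFFICIAL_DOMAINS = {"zoom.us"}
BRAND = "zoom"
FOLD = str.maketrans("0", "o")  # undo the common zero-for-"o" swap

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for an absolute URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Genuine only if the host IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name anywhere in the authority part (covers "zoom.us.something.example"
    # and a "zoom.us@other-host" userinfo prefix) is a copycat signal.
    if BRAND in parts.netloc.lower().translate(FOLD):
        return "lookalike"
    # One-character misspellings of the brand in any dot- or hyphen-separated token.
    tokens = host.translate(FOLD).replace("-", ".").split(".")
    if any(t and edit_distance(t, BRAND) == 1 for t in tokens):
        return "lookalike"
    return "unrelated"

# Constructed sample links, not real indicators.
SAMPLE_LINKS = [
    "https://us02web.zoom.us/j/0000000000",
    "https://zoom.us.meeting-login.example/j/0000000000",
    "https://zo0m-meeting.example/join",
    "https://zooom.example/join",
    "https://intranet.example.org/calendar",
]

def triage(links):
    """Map each link to its classification."""
    return {link: classify(link) for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

The one-character rule will also flag ordinary words such as "room", so treat a 'lookalike' verdict as a prompt for manual review; internationalised (punycode) hostnames are not handled here.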

Join in the cybersecurity conversation

The coronavirus outbreak has put into question the present and future state of the cybersecurity industry. With the threat of global attacks rising, the need for a strong cybersecurity plan is more important now than ever.

Join industry experts for the free W.Media Inside Asia: Technology & Market Next Moves Power Talk on 30th April to explore the impacts of the pandemic on data centers, cloud, 5G, and cybersecurity, and to discuss how we can survive and thrive in the post-coronavirus world.
