Did Zoom do enough to prevent their plague of security breaches?

April 15, 2020 | Cybersecurity, News

Zoom’s boom in popularity has left the video-conferencing platform vulnerable to cybercriminals exploiting the fear, uncertainty and rise in remote working driven by the coronavirus outbreak.

The vulnerabilities include users’ data being shared with Facebook and Zoom calls from non-Chinese users ‘mistakenly’ routed through Chinese data centers.

The word ‘Zoombombing’ has even been coined, as conferencing streams are being hijacked by unwelcome guests. 

Reports have surfaced of an online geography lesson in Singapore that was allegedly hacked by two men who shared explicit images. The Ministry of Education has since suspended the use of Zoom for teachers.

Security and privacy concerns over Zoom led organisations like Google, Elon Musk’s SpaceX, the US Senate, the Philippines’ telecom giant PLDT and the Taiwanese Government to ban their workers from using Zoom.

The video-conferencing tool has also been hit with a class action lawsuit by a shareholder who accused Zoom of overstating its security measures and failing to disclose the service was not end-to-end encrypted. The lawsuit came after Zoom’s shares fell by 25% in recent days, despite a huge stock spike of more than 100% since January.

With the plague of security issues facing Zoom, it begs the question of whether Zoom did enough to prevent it.

Zoom’s vulnerabilities identified as early as last year

In June 2019, Check Point disclosed a security flaw where their researchers were able to predict a Zoom Meeting ID with a high chance of success to gain unwanted access to a call. 

While the IT security specialists said Zoom made changes to mitigate the flaw, this is identical to what is now known as “Zoombombing”.

Check Point’s Head of Security Engineering for APAC Gary Gardiner said: “We would never have disclosed vulnerabilities to the wider audience if we didn’t feel that the company, and Zoom in this case, had actually gone through the appropriate checks and balances and made the changes that we would have said they needed to make.”

Zoom is making a number of changes, including upgrading their encryption and hiding meeting IDs.

Mr Gardiner added that applications can still be vulnerable during a product’s development. These flaws can be exploited by threat actors, particularly when a platform gains popularity very quickly, as Zoom did during the coronavirus outbreak.

Zoom’s daily usage went from 10 million meeting participants in December 2019 to a massive 200 million in March 2020.

To add another vulnerability to Zoom’s growing list, Mr Gardiner said he is seeing numerous copycat domains posing as the video communications provider. During the past week alone, Check Point witnessed a huge increase, of more than 1,700, in domains with the word “Zoom” in the URL.

Zoom is not the only platform exploited by cybercriminals. Mr Gardiner discovered that Office 365 is a prime example of where threat actors are replicating websites which look like the real deal to steal corporate organisations’ credentials. 

He added that cyberattacks on mobile devices are increasing. This is because the URLs are much smaller and applications by organisations like OTT providers are easy to replicate.

As a security professional, Gary said he would like to see organisations like Zoom provide more online education for users to understand how to protect themselves.

How can you stay safe when using Zoom?

To stay safe online, some of the responsibility comes down to the user.

Mr Gardiner said: “From what we have seen with Zoom, there have been some basics that end users haven’t done very well.”

To stay safe when using Zoom and similar platforms, consider the following recommendations:

  1. Password protect your meetings and do not use the same password twice
  2. Use a randomly generated meeting ID provided by Zoom
  3. Lock your meetings once everyone has joined
  4. Only allow authenticated users from the same domain as your own to join sensitive meetings
  5. Beware of copycat domains – check for spelling errors in the URL
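The copycat-domain check in recommendation 5 can be automated for links arriving in invites or chat. The sketch below is an added example, not code from Check Point or Zoom; it assumes zoom.us is the only domain treated as genuine, and every sample link is constructed.

```python
from urllib.parse import urlsplit

LEGIT = ("zoom.us",)  # assumption: the only registrable domain treated as genuine
BRAND = "zoom"
DIGIT_SWAPS = str.maketrans("01", "ol")  # normalises z00m -> zoom


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'legitimate', 'lookalike', 'review' or 'unrelated' for a link."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "review"
    # Genuine only if the host IS the domain or a dot-separated subdomain of it;
    # a plain suffix test would wrongly accept notzoom.us.
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return "legitimate"
    # Brand name in a foreign host, or in the user@ part shown before the host.
    visible = (host + "@" + (parts.username or "")).translate(DIGIT_SWAPS)
    if BRAND in visible:
        return "lookalike"
    # One-character misspellings of the brand in any label. Ordinary words such
    # as "room" also land here, so this is a prompt to look, not a block.
    for label in host.replace("-", ".").split("."):
        if edit_distance(label, BRAND) == 1:
            return "review"
    return "unrelated"


# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://zoom.us/j/0000000000",
    "https://zoom.us.join-meeting.example/j/1",
    "https://z00m-meetings.example/",
    "https://zoom.us@login.example/",
    "https://zooom.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):11} {link}")
```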

Join in the cybersecurity conversation

The coronavirus outbreak has put into question the present and future state of the cybersecurity industry. With the threat of global attacks rising, the need for a strong cybersecurity plan is more important now than ever.

Join industry experts for the free W.Media Inside Asia: Technology & Market Next Moves Power Talk on 30th April to explore the impacts of the pandemic on data centers, cloud, 5G, and cybersecurity, and to discuss how we can survive and thrive in the post-coronavirus world.
