From webinars, online yoga classes to online schooling and client meetings – web communication platforms and their usage flared up in the past few weeks, due to obvious, COVID-19 induced reasons. Unfortunately, so did the security issues led by various cyber-attacks, directed especially towards the most used platforms, such as Zoom.
During the previous month, the number of daily meetings on the platform sported from 10 million in December to as much as 200 million in March! And, as mentioned, such an increase didn’t come unaccompanied. It was followed by a massive increase in new domain registrations with names including “Zoom”. According to research by Check Point, more than 1700 new domains were registered out of which 4% was detected as suspicious.
How is the data compromised?
Several security researchers found out that there is a vulnerability in the chat interface of the full desktop client called UNC path injection. UNC paths are references to shared files or resources. They are in the form of \\host\path\to\file. Zoom’s chat interface automatically converts such UNC paths to downloadable URLs. If the attackers control the host on which the shared file resides, they can steal the victim’s Windows credentials and use them to access all shared resources that the victim is authorized to access. All the attackers need is for the victim to click on the URL which points to a UNC path to a shared file on the attacker-controlled server. The file itself does not need to be malicious, and the theft of credentials is done when the victim’s computer tries to access the shared file. Windows machine will, if not configured differently, automatically try to authenticate itself to a remote host by presenting the victim’s username and hashed password. If the password is relatively weak, the attacker can easily uncover it using password cracking software like Hashcat or John the Ripper.
The same flaw can be used to remotely execute arbitrary command or executable on the victim’s computer thus providing the attacker with the ability to gain full control of the machine.
Another flaw in meeting authentication can enable attackers to enter chat rooms and calls and spam other participants.
Furthermore, it was reported that, contrary to Zoom’s claims, Zoom software does not employ end-to-end encryption. This flaw enables those who can sniff the traffic between participants to obtain exchanged messages which can contain sensitive information.
Safety advices to improve your data security
First of all, you should consider using some other video conferencing software like Skype, Microsoft Teams, Google Hangouts, Google Duo or Signal. If you have decided to stick with Zoom, you should follow these safety recommendations:
- Strengthen your Windows password
- Use Zoom from your web browser instead of using the full desktop client
- Keep your Zoom patched and up-to-date
- Check your Window’s security policy settings and disable automatic authentication to remote hosts (may break access to some older systems)
- Strengthen your protection with unique passwords for all meetings
- Try to restrict or disable any file transfers
- Limit screen sharing to the host only
- Manually control every webinar registrant and mind the lookalike domains and spelling errors in emails
- Disable the call re-joining option for all participants
- Disable “join before the host” feature
- Enable the waiting room feature, as it will give you time to check the participants and control who joins the call
The matter of fact is that Zoom is not the only target of malicious attacks and that the users will continue to trust their communication to web platforms. So, if you have concerns about your data safety or need expert advice, reach out to our team for a free consultation.
