How To Protect Your Data on Zoom

Posted by: Tamara Dutina April 02, 2020

Category: Other

From webinars, online yoga classes to online schooling and client meetings – web communication platforms and their usage flared up in the past few weeks, due to obvious, COVID-19 induced reasons. Unfortunately, so did the security issues led by various cyber-attacks, directed especially towards the most used platforms, such as Zoom.

During the previous month, the number of daily meetings on the platform sported from 10 million in December to as much as 200 million in March! And, as mentioned, such an increase didn’t come unaccompanied. It was followed by a massive increase in new domain registrations with names including “Zoom”. According to research by Check Point, more than 1700 new domains were registered out of which 4% was detected as suspicious.

zoom security advices
Source: Check Point

How is the data compromised?

Several security researchers found out that there is a vulnerability in the chat interface of the full desktop client called UNC path injection. UNC paths are references to shared files or resources. They are in the form of \\host\path\to\file. Zoom’s chat interface automatically converts such UNC paths to downloadable URLs. If the attackers control the host on which the shared file resides, they can steal the victim’s Windows credentials and use them to access all shared resources that the victim is authorized to access. All the attackers need is for the victim to click on the URL which points to a UNC path to a shared file on the attacker-controlled server. The file itself does not need to be malicious, and the theft of credentials is done when the victim’s computer tries to access the shared file. Windows machine will, if not configured differently, automatically try to authenticate itself to a remote host by presenting the victim’s username and hashed password. If the password is relatively weak, the attacker can easily uncover it using password cracking software like Hashcat or John the Ripper.

The same flaw can be used to remotely execute arbitrary command or executable on the victim’s computer thus providing the attacker with the ability to gain full control of the machine.
Another flaw in meeting authentication can enable attackers to enter chat rooms and calls and spam other participants.

Furthermore, it was reported that, contrary to Zoom’s claims, Zoom software does not employ end-to-end encryption. This flaw enables those who can sniff the traffic between participants to obtain exchanged messages which can contain sensitive information.

Safety advices to improve your data security

First of all, you should consider using some other video conferencing software like Skype, Microsoft Teams, Google Hangouts, Google Duo or Signal. If you have decided to stick with Zoom, you should follow these safety recommendations:

The matter of fact is that Zoom is not the only target of malicious attacks and that the users will continue to trust their communication to web platforms. So, if you have concerns about your data safety or need expert advice, reach out to our team for a free consultation.

Get in touch

Cloud expert consultation is free. Book today.


Keep reading

How to Migrate Your Application from Monolith to Microservices


According to a 2020 O’Reilly report on microservices adoption, 77% of businesses have already adopted microservices, while 92% of them state they are experiencing success after migrating monolith to microservices. The trend to en-masse start using microservices application architecture comes as no surprise considering the multiple benefits that the microservices architecture provides, including: Improved resilience […]

read more

What is Cloud Bursting and Does Your Business Need it?


Back in 2014, NASA launched a satellite called OCO-2 (Orbiting Carbon Observatory 2) to gain more insight into the Earth’s carbon uptake. Two years later, they had petabytes of gathered data that needed to be processed which would have taken over 3 months and cost about $200,000 if they had used on-premise data centers for […]

read more

How Managed Cloud & Open Source Solutions Fuel Business Growth


With the modern business landscape becoming more and more saturated and competitive in recent years, companies worldwide face an ongoing challenge of emerging through the noise and initiating growth. The resources are often suboptimal, which can make the process of developing a cost-effective and sustainable business strategy an insurmountable problem for many companies.  Luckily, with […]

read more