ZOOM: A Boon or a Curse
As this global pandemic spreads fear among everyone, more and more companies are having virtual conferences to continue their business.
More often than not, they are using the app from Zoom Video Communications, more commonly known as Zoom, for this. You might have used Zoom for your online classes or for such a conference. But how secure is this infamous application? Keep reading to learn more.
The roots of ZOOM
Contrary to popular belief, ZOOM has been around for a long time. Nine years, to be exact. It was developed by Eric Yuan in 2011 to virtually meet his girlfriend when he wasn’t able to take a 10-hour-long ride. Talk about love pfft.
The Zoom app provides free video calling for up to 100 participants, with a time limit of 40 minutes per session for free users. However, you can buy a premium subscription if you want to remove this limit.
The premium version costs $15-$20, depending on the version you buy. It is available for all major platforms: Windows, Mac, Linux, Android and iOS.
But recently, due to the surge in its user base, it has gained a lot of attention from hackers. As a result, quite a few exploits or “hacks” are available online, and more are being discovered every other day.
How are ZOOM users insecure?
In our findings, the latest known bug is in the Windows application. According to @_g0dmode, a cybersecurity expert, the Windows client for Zoom has a classic ‘UNC path injection’ vulnerability. This allows hackers to remotely steal your Windows login credentials and execute remote commands on your system.
This would mean that a hacker can steal your Windows password. And as a cherry on top, he can run arbitrary commands on your system which will give him complete control over your system.
By exploiting these bugs, a hacker can get your private information, passwords, documents and even your credit card details.
This is possible because the Zoom client for Windows supports UNC paths and converts these potentially dangerous URIs into hyperlinks in the chatbox. To steal a user’s password, a hacker just has to send a specially crafted link in the chatbox to the victim.
This issue has been confirmed by Google security researcher Tavis Ormandy.
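The flaw described above comes down to the chat renderer turning UNC paths into clickable links. As an added example (not Zoom's code and not the fix Zoom shipped), here is an allowlist linkifier that renders only http/https as links, keeps UNC paths and other schemes as inert text, and reports them; the function names and sample messages are assumptions constructed for illustration.

```python
import re

# Schemes a chat client may render as clickable links (assumption: a plain
# allowlist; everything else stays inert text).
SAFE_SCHEMES = ("http://", "https://")

# UNC path: two leading backslashes or slashes, a host, a separator, a share.
UNC_RE = re.compile(r"^(?:\\\\|//)[^\\/\s]+[\\/][^\s]+")
# Any scheme-style token such as file://, smb:// or http://
URI_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://\S+")


def classify_token(token):
    """Return 'link', 'blocked' or 'text' for one whitespace-separated token."""
    if UNC_RE.match(token):
        return "blocked"          # remote file-share path: never linkify
    if URI_RE.match(token):
        if token.lower().startswith(SAFE_SCHEMES):
            return "link"
        return "blocked"          # file://, smb:// and any other scheme
    return "text"


def render_message(message):
    """Split a chat message into (kind, token) pairs for the renderer."""
    return [(classify_token(tok), tok) for tok in message.split()]


def blocked_tokens(message):
    """Tokens a defender would log or alert on instead of linkifying."""
    return [tok for kind, tok in render_message(message) if kind == "blocked"]


# Constructed sample chat messages (not taken from any real incident).
SAMPLES = [
    "notes are at https://example.com/agenda",
    r"open \\fileserver.example\share\slides.pptx",
    "see file://fileserver.example/share/slides.pptx",
    "no links here",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(render_message(msg))
```

The same classification can run in a chat gateway or log pipeline to flag messages that contain file-share paths, independent of whether the client has been patched.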
What can ZOOM users do?
Zoom has already been notified about this issue and an update is already available. To safeguard yourself, you should always keep your applications updated with the latest security patches.
If it’s viable, consider using a more secure alternative to Zoom. Some of the great applications for video conferencing are:
We don’t want to defame Zoom or any other company, but the security of our users is our prime objective. The team behind Zoom is working on these bugs and they are doing a great job. But as new bugs keep coming up, and with the current outbreak, it’s hard to keep the work going.