Intelice Solutions: Blog
Are You Aware of the New Zoom Vulnerabilities?
Since the onset of the coronavirus, there has been an increase in businesses using Zoom videoconferencing to keep in touch with clients, suppliers, and coworkers. There has also been an exponential surge in security issues where unwanted visitors are gaining unauthorized access to Zoom meetings.
Fake Zoom Domains
Since January 2020, more than 1,700 new Zoom-themed domains have been registered worldwide. Although many of them were legitimately registered by companies with similar names or were used in domains with relevant content, as of January this year, at least 70 appear suspicious.
Cybercriminals use these fake Zoom domains to exploit Zoom meetings as a gateway to intellectual property and other sensitive data, using malware and phishing scams related to the pandemic. Posing as Zoom client installers, they steal meeting IDs and passwords and cause significant disruption to business continuity.
Stealing Windows Login Credentials
A critical vulnerability for those using Zoom is that it allows cybercriminals to steal Windows login credentials. Zoom’s chat converts URLs sent in messages into hyperlinks, and the Zoom client does the same for Windows networking Universal Naming Convention (UNC) paths, turning them into clickable links. When the user clicks on a UNC path link, Windows then sends the user’s login details to the host named in the path, allowing cybercriminals to capture this sensitive information.
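The safe handling of chat links implied by the paragraph above, as an added example that is not Zoom's code or part of the original post: only http(s) URLs become hyperlinks, while UNC paths stay inert text and are reported for review. The function names and sample hostnames are hypothetical, and the check goes slightly beyond the text by also treating `file://` URLs that name a host as remote paths.

```python
import html
import re

# Backslash UNC path: \\host\share[\more...]; host and share are required.
UNC_RE = re.compile(r'\\\\[^\\/\s<>"]+\\[^\\/\s<>"]+(?:\\[^\s<>"]*)?')
# file:// URL with a non-empty host also points at a remote share on Windows.
FILE_URL_RE = re.compile(r'file://[^/\s<>"]+/[^\s<>"]*', re.IGNORECASE)
# Only plain web links are allowed to become clickable.
WEB_URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def find_remote_paths(message):
    """Return UNC paths and host-bearing file:// URLs found in a chat message."""
    hits = [m.group(0) for m in UNC_RE.finditer(message)]
    hits += [m.group(0) for m in FILE_URL_RE.finditer(message)]
    return hits


def linkify(message):
    """Render a chat message as HTML, hyperlinking only http(s) URLs.

    UNC paths and file:// URLs are HTML-escaped and left as plain text,
    so there is nothing to click that would start an outbound SMB login.
    """
    out, pos = [], 0
    for m in WEB_URL_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="noopener noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


# Constructed sample messages (hostnames are placeholders).
SAMPLES = [
    "Agenda is at https://example.com/agenda",
    r"Slides are here: \\files.example.net\share\slides.pptx",
    "Backup copy: file://files.example.net/share/slides.pptx",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(find_remote_paths(msg), "->", linkify(msg))
```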
Zoom-Bombing
Zoom’s rise in popularity has seen an increase in activity from internet trolls, known as Zoombombing. Zoombombing is similar to photobombing and is disrupting the videoconferencing space. Zoom-bombers gain unauthorized access to a Zoom meeting by stealing their login and then harass the meeting participants in various ways. The FBI has received multiple reports of Zoom meetings being disrupted by hijackers sharing hate images, pornographic material, and threatening language.
Privacy and Security Vulnerabilities
In early April, Google warned employees not to use Zoom’s desktop application on their work computers “due to privacy and security vulnerabilities.” SpaceX, the U.S. Senate, and New York City’s school district have enacted similar restrictions, as has the military.
A Vice investigation showed that Zoom’s app for iPhones sent data about users’ devices to Facebook, including users who did not have Facebook accounts. The Zoom app notified Facebook when the user opened the app, providing details on the user’s device, including the model, city, and time zone they were connecting from. Zoom also provided Facebook with the phone carrier they were using, plus the unique advertiser identifier created by the user’s device, allowing marketers to advertise directly to users. As a result, Zoom was hit with at least two lawsuits in federal court, one by a California resident who alleges Zoom violated the state’s new Consumer Privacy Act by disclosing information to Facebook without providing consumers with the ability to opt out.
The Alternative – Microsoft Teams
The Gartner report has Microsoft Teams as a leader in virtual meeting solutions, offering a more secure video conferencing alternative that follows security best practices and procedures. Teams is the hub for teamwork within Microsoft 365 (formerly Office 365), which offers a secure meeting experience with high-quality audio, video, and screen sharing capability. Teams supports private and group meeting capabilities, scheduling capabilities, and free/busy calendar availability, allowing employees to seamlessly switch between multiple communication apps such as video conferencing, instant messaging, real-time document collaboration, and file sharing, all within a single window.
Offering support in the D.C. metro area, Intelice Solutions is dedicated to providing you with secure and affordable technology solutions that keep your sensitive data safe and secure. To find out whether Microsoft Teams is right for your business, call {phone} or email Info@Intelice.com for an obligation-free assessment to ensure your communications are secure.