Are you considering fleeing Zoom? Don’t be so quick to do so.

Elteni Zoom Vulnerability

Zoom has been under the spotlight over the past few weeks due to privacy and security issues. It was served with a class-action lawsuit over its data sharing practices and has come under scrutiny from the New York Attorney General’s Office.

Headlines like this may make you want to “Zoom” for the hills, but hit the pause button and take a look at the most recent issues:

  1. Zoom was found to violate data sharing practices by providing information to Facebook.
  2. Two zero-day vulnerabilities have been uncovered in Zoom’s macOS client version, which can allow locally based threat actors to access your microphone and camera.
  3. The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.
  4. Zoom-bombing

Would you throw your laptop running the Microsoft operating system out the window? Would you stop using the Outlook client? Would you switch browsers and use something other than Google Chrome? Is Netflix too much of a privacy concern for you, or is binge watching more important? The answer for most, if not all, is No! Did you know that all of the vulnerabilities and data sharing practices that Zoom faces now have existed in many of the apps you use today?

Let us break down the issues identified above.

Sharing of data with Facebook

Obviously, a violation of privacy is a paramount concern, but it seems much of the software and many of the apps we use today share data with Facebook. Is this a good enough reason to ignore it? Probably not, but realize this: we only know what we know. There are tons of apps sharing our information that we are not aware of. We ignore the fine print, click a button and give away our personal information. Zoom is under scrutiny because of the popularity it gained over the past few months. In a few months it will be another popular app that is found to be violating our privacy.

If you are genuinely concerned about the data that Zoom is sharing with Facebook, assuming Facebook does not already have your information from another app, then maybe you can stop using it. Otherwise, it seems Zoom has already made some changes to address the concern, late as they are. If you are OK with this, then happy Zooming.

Zero-day vulnerabilities

The zero-day vulnerabilities that were found seem to affect only the Mac-based client. The vulnerabilities could allow someone to gain full-privileged access to the machine or, at a minimum, take over the webcam and microphone in order to eavesdrop on or record meetings. Yes, these are huge concerns. However, it is important to note that these vulnerabilities require a bad actor to have local access to the machine. This means they would have to be sitting in the same room as you, or they would have had to compromise the machine before exploiting the Zoom vulnerability. We do not use Macs, so this is not a concern for us. If we did, we would be concerned, so the easiest thing to do at this point is to remove the Zoom client when it is no longer needed. This reduces the exposure to this threat.

UNC Path Injection

This vulnerability allows a bad actor to use the chat feature in the Zoom Windows client to steal the Windows credentials of users. How? This is a little technical, but here we go: in the Zoom chat window you can create a clickable link that points to an SMB server (e.g., a file server). A bad actor can host this server on the internet. When someone clicks on this link, the Windows operating system attempts to connect to this server and automatically sends encrypted credentials to it as part of the connection attempt. These encrypted credentials can then be cracked offline.

This issue has existed in Microsoft for a long time. The same method can be performed in Outlook clients, internet browsers, etc. To protect against this vulnerability, you can avoid using the chat feature in the Zoom client until Zoom produces its own fix for it. You can also block outbound SMB connections on your firewall. This may be difficult to do in Work From Home environments, so if you can’t avoid using the chat feature or block outbound SMB on the firewall, the best thing to do is avoid clicking links in the chat window.
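
As an added example (not from the original article or from Zoom), the Python sketch below shows how a chat filter could flag UNC-style links that would send a Windows machine to an SMB server outside the network. The sample chat lines, the `corp.example` internal suffix and the rule that single-label names count as internal are assumptions made for illustration.

```python
import ipaddress
import re

# \\host\share and the file://host/share URL form both lead to an SMB connection.
UNC_RE = re.compile(r"(?:\\\\|file://)([A-Za-z0-9._-]+)[\\/]([^\s\\/]+)", re.IGNORECASE)

# Address ranges treated as "inside" (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def classify_host(host, internal_suffixes):
    """Return 'internal' or 'external' for the server part of a UNC link."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        inside = addr.version == 4 and any(addr in net for net in INTERNAL_NETS)
        return "internal" if inside else "external"
    name = host.lower().rstrip(".")
    if "." not in name:
        return "internal"  # assumption: single-label names resolve on the local network
    if any(name == s or name.endswith("." + s) for s in internal_suffixes):
        return "internal"
    return "external"


def find_unc_links(message, internal_suffixes=("corp.example",)):
    """List (host, share, verdict) for every UNC-style link in a chat message."""
    return [(m.group(1), m.group(2), classify_host(m.group(1), internal_suffixes))
            for m in UNC_RE.finditer(message)]


def flag_external(chat_lines):
    """Return (line index, host) for each link pointing outside the network."""
    return [(i, host) for i, line in enumerate(chat_lines)
            for host, _share, verdict in find_unc_links(line) if verdict == "external"]


# Constructed sample chat lines (hosts and addresses are placeholders).
SAMPLE_CHAT = [
    r"Slides are at \\fileserver01\meetings\q2.pptx",
    r"agenda here: \\203.0.113.7\share\agenda.docx",
    r"see file://files.corp.example/team/notes.txt",
    r"download \\cdn.meeting-notes.example\docs\notes.txt",
    "Plain link: https://zoom.us/j/0000000000",
]
```

Lines flagged as external are the ones where an outbound SMB block on the firewall, or simply not clicking, matters most.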

Another quick thought, how many people that you are inviting to your meetings are bad actors? Will your participants do such a thing?

Zoom-Bombing

This vulnerability is not really a vulnerability. It is the user misunderstanding how to properly use Zoom. Bad actors are infiltrating Zoom sessions because the host of the meeting did not set up the meeting in a secure way. Some of the things to do to protect against Zoom-Bombing include:

  • Do not make meetings public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests. We like the waiting room feature.
  • Do not share a link to the meeting publicly. Make sure meeting invites only go to the people you want in the meeting.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.” This will prevent other participants from taking over the screen sharing feature.
  • Make sure the Zoom client has been updated. Using old versions could leave someone vulnerable.
