Zoom Vulnerabilities Are Putting Organizations at Risk

Many of those who now use Zoom on a regular basis had not heard about it before the outbreak of the COVID-19 pandemic. It took just a few months for the video conferencing software platform to become one of the hottest buzzwords on the block as organizations large and small scrambled to support their remote workers.

But there’s a dark side to the success story, as some of its users have discovered first-hand. It quickly became apparent that security wasn’t one of Zoom’s strong points as reports of dangerous vulnerabilities started to multiply. Unfortunately, some of these vulnerabilities have yet to be fully addressed. The sooner you familiarize yourself with them, the better you can protect your remote employees and your entire organization.

Zero-Day Vulnerabilities

Zero-day vulnerabilities, or just 0-days for short, are unpatched vulnerabilities that have been disclosed to the public, allowing cybercriminals to take advantage of them relatively easily for their own personal gain.

At the recent Pwn2Own live hacking event, two ethical hackers, Daan Keuper and Thijs Alkemade, exposed several 0-days present in the Zoom desktop client (available for Windows, macOS, and Linux). When exploited, the discovered vulnerabilities can make it possible for cybercriminals to take over the entire system and cause mayhem.

Zoom rewarded the two hackers with $200,000 for their work and promptly released security patches to prevent cybercriminals from exploiting the vulnerabilities, but there’s no guarantee that similar vulnerabilities won’t be discovered in the future.

Zoombombing

Zoom makes it very easy for attendees to join a virtual meeting—perhaps too easy. In many cases, all that’s required to join is the meeting number, which is a 9-, 10-, or 11-digit number, and there are many ways for cybercriminals and bored teens alike to obtain it and use it to perform zoombombing, the act of unwanted, disruptive intrusion into a video-conference call.

Sometimes, meeting IDs are unintentionally disclosed in screenshots shared on social media, as was the case with the UK’s prime minister, Boris Johnson, and his poorly thought-out tweet. However, cybercriminals can also actively look for valid meeting IDs using automated tools.

Zoom responded to the threat of zoombombing by turning on meeting passwords by default and requiring people to first sit in the so-called waiting room before being manually allowed to join the meeting by the host. Ultimately, zoombombing can be prevented by enabling the right settings and adhering to privacy and security best practices.
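
As an added example (not part of the original article), here is a pre-publication check in Python that finds and redacts Zoom meeting IDs and join links in text such as a draft social media post or a screenshot caption. The join-link shape (zoom.us/j/ followed by the ID), the pwd query parameter, the "Meeting ID:" label, and the sample text are assumptions made for illustration.

```python
import re

# Assumed join-link shape: https://<subdomain>.zoom.us/j/<9-11 digits>?pwd=<token>
LINK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?zoom\.us/j/(\d{9,11})(?!\d)(\?\S*)?", re.I)
# Assumed invitation label, e.g. "Meeting ID: 123 456 7890" (spaces or dashes).
LABEL_RE = re.compile(
    r"meeting\s*id\s*[:#]?\s*((?:\d[ -]?){8,10}\d)\b", re.I)

# Constructed sample text; the IDs and the token are made up.
SAMPLE = ("Great call today! Join next week: "
          "https://us02web.zoom.us/j/12345678901?pwd=CONSTRUCTEDTOKEN "
          "or dial in, Meeting ID: 123 456 7890. Ticket 4471 is closed.")


def find_exposures(text):
    """Return one finding per meeting ID or join link found in text."""
    findings = []
    for m in LINK_RE.finditer(text):
        findings.append({
            "kind": "join_link",
            "meeting_id": m.group(1),
            # A link that carries the passcode lets anyone holding it join.
            "passcode_in_link": "pwd=" in (m.group(2) or ""),
            "span": m.span(),
        })
    for m in LABEL_RE.finditer(text):
        findings.append({
            "kind": "labelled_id",
            "meeting_id": re.sub(r"\D", "", m.group(1)),
            "passcode_in_link": False,
            "span": m.span(1),
        })
    return sorted(findings, key=lambda f: f["span"][0])


def redact(text):
    """Replace every detected link or ID with a neutral placeholder."""
    out, last = [], 0
    for f in find_exposures(text):
        start, end = f["span"]
        if start < last:  # skip overlapping matches
            continue
        out += [text[last:start], "[meeting details removed]"]
        last = end
    return "".join(out + [text[last:]])


if __name__ == "__main__":
    print(find_exposures(SAMPLE))
    print(redact(SAMPLE))
```

A finding with passcode_in_link set deserves particular attention, because sharing that link shares the passcode with it; the waiting room is then the remaining control.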

Privacy Issues

What can’t be prevented nearly as easily as zoombombing are the privacy issues arising from Zoom’s privacy policy, which gives the company the right to share its users’ personal information with various third parties.

Realizing the potential risks, multiple private and public organizations, as well as governments, have decided to ban or discontinue the use of Zoom, including Google, SpaceX, NASA, the United States Senate, and the German Foreign Ministry.

Does all this mean that you should stop using Zoom as well at your organization? Not really. Other video conferencing software platforms come with their own fair share of risks, so you would just replace one set of problems with another one. Instead, you should learn what it takes to Zoom responsibly, and that’s something we at Spectrum Technology Solutions can help you with.

We Can Help You Minimize Your Zoom Security Risk

At Spectrum Technology Solutions, we offer a complete array of cybersecurity services to protect your network and data from cybercriminals willing to take advantage of every opportunity to exploit Zoom vulnerabilities.

We can provide on-demand web-based security awareness training to teach your employees Zoom best practices or educate them about the importance of using strong passwords and enabling two-factor authentication.

Our endpoint security with anti-ransomware backed by a 24/7 Security Operations Center (SOC) can ensure around-the-clock protection against the most dangerous cyber threats, while our backup and disaster recovery service can get you back on your feet in no time following a cybersecurity incident.

As Voice over IP (VoIP) experts, we at Spectrum Technology Solutions can equip your organization with cloud-based telephony for dynamic and reliable communications, providing you with an alternative to Zoom and other similar video conferencing software platforms.

Contact us to learn more about how we can help you minimize your Zoom security risk without preventing you from focusing on what you do best.

