Zoom Video Conferencing App is vulnerable to Cyber Attacks
The famous Zoom meeting app is now vulnerable to cyber attacks. Installing it on your system, or using it, makes your system vulnerable. The use of video conferencing apps has increased recently because of work from home. Many companies and institutes use video conferencing apps to interact with people.
The Zoom video conferencing app is one of the best-performing video conferencing apps, and many people use it. This spotlight has also revealed the security and privacy issues of the Zoom app. The main security concern arose when researchers learned that many Zoom accounts had already been hacked. Many recorded meeting videos were uploaded to the YouTube and Vimeo websites. Some of these videos contain personally identifiable information as well as intimate conversations.
Zoom offers hosts an option to record and save a meeting; meetings are not recorded by default. The issue was reported to Zoom by the publishing house and the company is looking into the matter. The privacy issue stems from its encryption method and from an option that adds people to a user’s list of contacts if they sign up “with an email address that shares the same domain.”
These two reasons are responsible for the privacy leak of the Zoom App.
Zoom App Encryption Technique:
Zoom meetings are not end-to-end encrypted, despite what is mentioned on its website. The app uses regular TLS encryption, the same encryption web browsers use to secure HTTPS websites.
End-to-end encryption means no one else can read the content shared by two people using an app. But the recent privacy leak of the Zoom app has called its security into question. Zoom’s spokesperson told The Intercept, “It is not possible to enable E2E encryption for Zoom video meetings.” Zoom also denied misleading users, claiming that E2E, for them, is “in reference to the connection being encrypted from Zoom endpoint to Zoom endpoint.” A report by The Intercept found Zoom issuing encryption keys from servers located in China even when all the meeting participants are from America.
Researchers from the University of Toronto also found that the servers issuing encryption keys to users are located in China. The researchers ran a test to track how Zoom generates the encryption key. They found that the shared meeting encryption key during a meeting was sent to one of the participants over TLS from a Zoom server apparently located in Beijing.
This raises a security concern, as Zoom will be liable to share the keys with the Chinese government if required, as per the laws.
The leakage of user data to strangers:
Zoom also leaked many email addresses and photos of its users. As a result, Zoom users could get video calls from strangers. This happens because of an option offered by Zoom known as Company directory. The option adds people to a user’s list of contacts if they sign up with an email address that shares the same domain.
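The same-domain matching rule described above can be modelled in a few lines. This is an added example, not Zoom's code: it is a simplified model showing why such a rule needs an exclusion list for shared mail providers. The function names, the sample addresses (reserved `.example` domains) and the `SHARED_PROVIDERS` list are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample sign-ups; every address uses a reserved example domain.
SIGNUPS = [
    "alice@corp.example",
    "bob@corp.example",
    "carol@freemail.example",   # personal mailbox at a shared provider
    "dave@freemail.example",    # unrelated stranger at the same provider
]

# Assumption: domains the operator treats as shared providers, not companies.
SHARED_PROVIDERS = {"freemail.example"}


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return domain.lower()


def build_directory(signups, excluded_domains=frozenset()):
    """Map each user to the contacts a same-domain rule would auto-add."""
    by_domain = defaultdict(list)
    for address in signups:
        by_domain[domain_of(address)].append(address)
    directory = {}
    for address in signups:
        domain = domain_of(address)
        if domain in excluded_domains:
            directory[address] = []  # shared provider: no automatic contacts
        else:
            directory[address] = [a for a in by_domain[domain] if a != address]
    return directory


# Without an exclusion list, strangers at the same provider see each other.
naive = build_directory(SIGNUPS)
# With the exclusion list, only the company domain is grouped.
hardened = build_directory(SIGNUPS, SHARED_PROVIDERS)
```

In the naive directory, carol and dave are added to each other's contacts even though they share nothing but a mail provider; the exclusion list removes that pairing while colleagues at `corp.example` still find each other.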
The feature was introduced to help colleagues find people from the same company. But in a recent report, researchers found that people who signed up using their private email IDs are also shared by the Zoom app. There is one more security issue that security researchers have found: the shady installation of the Zoom app.
Felix, a malware tracker at VMRay, discovered that the Zoom macOS installer evades Apple security mechanisms to get root privileges. The Zoom installer uses a preinstallation script and a misleading prompt to get root privileges. The app also makes Windows vulnerable. A security report shows that a flaw in the Windows client can allow hackers to steal users' Windows credentials.
So it is advised not to use the Zoom app. Security researchers and security companies have already reported this loophole. They have also told users to uninstall the app because of the privacy concern. You can check the other alternatives to the Zoom app.