Security Researchers Find Vulnerability in Zoom App Which Could Allow Hackers Hijack Any PC
In recent years, data protection has become a significantly sensitive topic. The technology industry has worked hard to protect user data on its platforms. These include mobile devices, PC, and even software. However, there’s still a great security threat. Zoom, for instance, isn’t a newcomer to security breaches.
There have been credible threats against Zoom’s security system in the past. However, there’s a brand-new threat to your online security from the Zoom app. Security experts recently found out that cybercriminals can seize control of your PC by exploiting this vulnerability.
The first tool for online safety is critical information like this. It would be best to read this article to the end.
The Zoom App
Zoom is an American software built for video-conferencing and online meetings. Although Zoom has been around since 2012, it became more popular during the pandemic since meetings now had to be virtual. People use the Zoom app for remote working, online education, webinars, and other social interactions.
Some of its features have made it the 5th most downloaded app. Zoom allows up to 100-1000 concurrent participants for meetings lasting as long as 30 hours. You can use it with Windows, macOS, iOS, Android, Chrome OS, and Linux. Zoom also offers instant messaging and some level of security even though they’ve had some mishaps.
Key Features of Zoom
Zoom couldn’t have become one of the most downloaded apps if it didn’t have any great features. Some of its key features include:
1. Meetings Scheduling
Zoom offers you the same control you have over your physical meetings. You can have your meetings whenever you choose. The Zoom app allows you to schedule your appointments in advance. You can also connect the Zoom app to many calendars on your device. This easy integration certainly makes scheduling seamless.
With Zoom, you can automatically transcribe the audio from meetings that you recorded on the cloud. The transcription file then shows as a different VVT file in your recorded meetings list. You can also display the transcript text within its video. What’s more? You can view and edit your transcripts. However, it’s noteworthy that Zoom’s transcription only supports English.
3. Excellent Customer Support
However great software is, users will often run into issues. That’s why Zoom has a standby user support system that serves customers worldwide. You can get user support through chat, web case, and phone support. The Zoom phone support is available through multiple time zones. Furthermore, Zoom has video tutorials, a knowledge base, and user guides to aid your app’s use.
Recent Vulnerabilities Found in Zoom App
Dutch security researchers recently found a vulnerability with the Zoom app. Dutch security experts Daan Keuper and Thijs Alkemade, working for Computest, demonstrated this flaw at the Pwn2Own hacking competition. Pwn2Own is a hacking contest where participants win prizes for picking holes in security systems.
The Zoom exploit saw the two researchers use a three-bug chain in the Zoom messenger client to implement a remote code execution program on the target system. To be successful, the hacker has to be part of the target’s same organizational domain. Alternatively, they’ll be permitted to join a meeting by the host.
This particular vulnerability is worse than previous threats. This is because Keuper and Alkemade didn’t need any user interaction to gain control of the PC. The PC users didn’t need to click or do anything. It was sufficient that the Zoom app was running.
The hack allowed the two researchers to switch on the camera and microphone, read emails and other screen content. They could even download browser history from the PCs. A spokesperson has since acknowledged the Zoom problem. The official position of the company, however, is that they’re working to mitigate the vulnerability.
Previous History of Vulnerabilities on Zoom
As said earlier, Zoom has had a significant record of security weaknesses. Some vulnerabilities you should know about include:
1. Poor Encryption
Zoom’s end-to-end encryption isn’t that reliable. Although the advertisers claimed Zoom has E2E, this is only for transit data. At its endpoints, your data becomes vulnerable. Furthermore, Zoom generates and keeps the encryption keys. This means that they can decrypt users’ data at will.
2. Zoom Data Leaks to Facebook
On March 26, 2020, Joe Cox exposed the fact that the Zoom iOS app sends your data to Facebook. This data leak happens even if you don’t have a Facebook account. Details that Zoom leaked to Facebook included the user’s device model, time zone, and city. Zoom even sent the user’s unique advertiser identifier that can make them a target of adverts. In response, Zoom removed the Facebook SDK from its iOS apps.
There have been some other issues with the Zoom app. This article cannot cover them all.
Some Possible Ways Out
If there’s a flaw in tech, there’s almost always a way around it. The case isn’t different with the Zoom app. If you don’t want hackers to seize control of your PC remotely, you can use the Zoom browser client instead of the desktop client.
Zoom nudges you to use the app when joining a meeting online. However, if your PC will be safe, you have to ignore this nudge and stick with the desktop client until Zoom fixes this particular flaw.
Alternatively, you could switch to a similar app that doesn’t threaten a loss of control of your PC.
Learning how dangerous using the Zoom app is can be quite saddening. This is because Zoom has become essential software. Giving it up will be hard. However, the information above has put you on notice for the vulnerabilities. If you like, you can utilize the alternative proffered above until Zoom fixes its issues.