Over the past few weeks, the use of Zoom video conferencing software has exploded, but with the increase in use, notable security concerns have surfaced. An article in The Hacker News explores the issues that have come up and what Zoom has done to address them. Below are the main takeaways.
- As with any application, the more it is used, the more flaws will be discovered. Because of the increase in usage and scrutiny of security flaws, Zoom has announced a 90-day freeze on releasing additional features to focus its resources on identifying, addressing and fixing any issues.
- A weakness in Zoom's Windows app made it vulnerable to UNC path injections that could allow remote attackers to steal Windows login credentials. Zoom issued a patch on April 2 to address this bug.
- Zoom has had several issues with background data being collected that it has addressed by either clarifying its privacy policies or disabling the feature in question.
- In a phenomenon called "Zoom-bombing," uninvited participants drop into an unprotected meeting and take over screen-sharing capabilities. Zoom began enabling the Waiting Room feature, which allows the host to control when or if a participant joins the meeting and requires users to enter a meeting password.
To read the full article, see this link: https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html
Because of Zoom’s quick response to the reported issues, at this time Southwest Cyber believes the use of Zoom for virtual meetings is acceptable with the following precautions:
- Always use a meeting password.
- Do not share the meeting information with anyone who is not attending the meeting.
- Do not share any confidential information or documents within the meeting itself. Follow the standard company process for sharing these documents (email, company portal, etc.).
- Use caution with the chat feature as these conversations are available later if the meeting is being recorded.