As much of the world’s working population sits at home in self-isolation, due to the COVID-19 outbreak, one would expect the video conferencing platform ‘Zoom’ would be one of the few businesses to really benefit from the pandemic.
Unfortunately, despite its explosive rise in popularity, Zoom’s videoconferencing software is just as quickly becoming a privacy and security nightmare.
According to BleepingComputer, a newly found vulnerability in the video conferencing application Zoom allows an attacker to steal a user’s Windows login credentials. The vulnerability lies in the way Zoom chat handles links, in particular the way it converts Windows networking ‘Universal Naming Convention’ (UNC) paths into usable links.
The vulnerability, first identified by cyber security researcher Matthew Hickey, can be used to launch programs on the unfortunate victim’s computer when they click on the link. Once the user clicks on the link, Windows will then leak the user’s Windows login name as well as their password.
Fortunately, the password itself is hashed; however, the unfortunate news is that in many of these cases, a simple password recovery tool, such as ‘Hashcat’ can reveal the password in plain text.
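The root cause described above is a chat client turning UNC paths into clickable links. As an added example (not Zoom's code), the sketch below shows a message renderer that makes only http(s) URLs clickable and leaves UNC paths and remote file:// URLs as inert text; the function names, CSS class and sample message are constructed for illustration.

```python
import html
import re

# \\host\share\... (Windows UNC) or file://host/... ; a non-empty host in a
# file: URL means a remote target, while file:///C:/... is a local path.
REMOTE_PATH = re.compile(
    r"(?P<unc>\\\\(?P<h1>[^\\/\s]+)(?:\\[^\s]*)?)"
    r"|(?P<file>file://(?P<h2>[^/\s]+)/[^\s]*)",
    re.IGNORECASE,
)
WEB_URL = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
TOKEN = re.compile(f"{REMOTE_PATH.pattern}|(?P<web>{WEB_URL.pattern})", re.IGNORECASE)

# Constructed sample chat message (documentation addresses and test domains).
SAMPLE = (r"Agenda: \\203.0.113.7\share\agenda.docx mirror "
          r"file://files.example.test/pub/a.txt site https://example.com/?a=1&b=2")


def remote_hosts(message):
    """Hosts Windows would try to authenticate to if these paths were opened."""
    return [m.group("h1") or m.group("h2") for m in REMOTE_PATH.finditer(message)]


def render(message):
    """Render chat text as HTML: web URLs become anchors, remote paths stay text."""
    out, pos = [], 0
    for m in TOKEN.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        token = html.escape(m.group(0), quote=True)
        if m.group("web"):
            out.append(f'<a href="{token}" rel="noopener">{token}</a>')
        else:
            # Never emit an href for a UNC or remote file: target.
            out.append(f'<span class="blocked-path">{token}</span>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(remote_hosts(SAMPLE))
    print(render(SAMPLE))
```

The same `remote_hosts` check can be run over stored chat text to flag messages that point at external SMB hosts.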
Cybersecurity Definitions:
Password Hashing: When a password has been “hashed,” it means it has been turned into a scrambled representation of itself, in the form of a seemingly random piece of text. The user’s password is taken together with a key known to the site, and the hash value is derived from the combination of the password and the key, using a distinct algorithm.
To make matters worse, the Zoom vulnerability does not require a whole lot of technical know-how to exploit. Though it does require the victim to click on a link, and it can be mitigated through Windows’ security settings, the fact that it’s a fairly uncomplicated vulnerability to take advantage of makes it extremely problematic for any user unfamiliar with basic cybersecurity knowledge. With the mass migration of businesses to the home-based office, this is now becoming a really big problem.
Zoom Vulnerability: The ‘Makeshift’ Fix
Set the following policy to “Deny all”: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Not surprisingly, Zoom video-conferencing experienced a massive surge in popularity within the first week of the COVID-19 outbreak. Purportedly, the service added over 2.2 million active users by the end of February 2020. For context, this is almost 300,000 more users in a two-month period than Zoom saw in all of 2019.
Security researchers advise that these vulnerabilities are nothing new. In fact, they’ve been there all along. With everyone suddenly being forced to use video conferencing software such as Zoom, more people are uncovering these security issues, and many more are finding themselves the unfortunate victims.
Zoom’s boom in popularity has seen the video-conferencing software skyrocket to the very top of the iOS and Android app stores as people make use of it for everything from online learning and keeping in touch with family to virtual fitness and critical business meetings. With all the extra attention, Zoom is now facing a massive wave of privacy and security backlash as cyber security experts, law enforcement agencies and lawmakers have warned the public that Zoom’s default settings are simply not enough.
Zoom is now facing multiple lawsuits that assert the organization is disclosing personal information to third parties. This is no small accusation. Earlier this week, two lawsuits were filed in California, U.S.A., with one seeking damages on behalf of users for alleged violations of the California Consumer Privacy Act.
Similarly, the New York Times has noted that the New York attorney general is also in the midst of taking action and demanding a complete review of Zoom’s privacy and cybersecurity practices.
When all is said and done, Zoom Video Communications is suffering severe scrutiny in this rare moment in human history. With the pandemic situation escalating, and no end in sight, the video conferencing app is now being used in ways it was not designed for. As a result, Zoom will be forced to tighten up the security of the application to maintain its appeal to businesses and individuals in the next few months.
For educators using Zoom as a Virtual Classroom, Zoom’s website has published a blog post outlining best practices for securing the Virtual Classroom, securing screen sharing and enabling a waiting room.
If you would like any more information on the subject matter, or would like to learn how Packetlabs can assist you during the Covid-19 pandemic, please contact us for more details.