Zoom meetings are happening all across the globe as a large number of people are working from home due to the coronavirus outbreak. The shift to remote work has made the video conferencing platform popular, where earlier it was trying to compete against Google’s Hangouts Meet and Microsoft’s Skype. According to a survey, Zoom has become the highest downloaded app in the past 10 days, amid the COVID-19 outbreak. However, its overnight popularity has also brought it into the limelight for security reasons, as users are affected by its alleged underlying vulnerabilities.
The first vulnerability that has been identified in the Zoom app concerns UNC paths. The Windows client converts networking UNC paths into clickable links in chat messages, which attackers can use to capture Windows passwords and other login credentials. After exploitation, the attacker can easily gain access to the computer and install malware or spyware without the user knowing about the backdoor entry. The issue that allows unwanted access is due to the installer, which can easily be injected with malicious code and used to obtain root-level user privileges.
Zoom, which has been informed of the issue, can fix it by not turning network paths into clickable links. In the meantime, network admins can disable the automatic sending of network login credentials via the group policy ‘Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers’, though this can cause issues when accessing resources on some networks.
Home users can modify the RestrictSendingNTLMTraffic registry value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 key and set it to 2. They do not need to reboot.
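The registry change described above can be checked before it is applied. The following PowerShell is an added example, not from the original article or from Zoom or Microsoft; the function names `Get-OutgoingNtlmPolicy` and `Set-OutgoingNtlmDeny` are hypothetical, and the script must run from an elevated prompt to write to the key.

```powershell
# Added example: audit and optionally apply the outgoing-NTLM restriction.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'

# Meaning of each DWORD value for this policy.
$Meaning = @{
    0 = 'Allow all (NTLM credentials are sent to any remote server)'
    1 = 'Audit all (NTLM is still sent, but the traffic is logged)'
    2 = 'Deny all (outgoing NTLM to remote servers is blocked)'
}

function Get-OutgoingNtlmPolicy {
    # Read the current value; a missing value means the policy is not
    # configured, which this script treats as "allow all" (assumption
    # based on the Windows default of no restriction).
    $item  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { [int]$item.$ValueName } else { 0 }
    [pscustomobject]@{
        Configured = ($null -ne $item)
        Value      = $value
        Meaning    = $Meaning[$value]
    }
}

function Set-OutgoingNtlmDeny {
    # SupportsShouldProcess enables -WhatIf / -Confirm for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set to 2 (Deny all)')) {
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 2 -Force | Out-Null
    }
    # Return the resulting state so the change can be verified.
    Get-OutgoingNtlmPolicy
}

# Report the current setting.
Get-OutgoingNtlmPolicy

# Dry run, then apply (uncomment as needed):
# Set-OutgoingNtlmDeny -WhatIf
# Set-OutgoingNtlmDeny
```

Setting the value to 1 first and reviewing what gets logged is one way to find the resources that setting it to 2 would break, which is the side effect the article notes for some networks.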
In addition to the UNC injection flaw, the Zoom app is said to have two distinct security loopholes that could allow attackers to gain root access and take over a user’s Mac system. It is important to note that apart from the above new security issues, Zoom was recently in the news for its misleading end-to-end encryption claim. The app has also been found to have a flaw that exposes emails and photos of users.