Now that a quarter of the human population is in some form of quarantine, people have found a new way to communicate by using Zoom.
Zoom is an American remote conferencing services company headquartered in San Jose California. Its list of services includes video calls, online meetings, and mobile cooperation. And now that everyone is being asked to work from home, most have turned to Zoom. Except that there is a problem. Zoom is plagued by many security issues and despite the early enthusiastic adoption, many are dropping the app in favor of the more traditional Skype.
One of the security concerns around Zoom is how hackers are taking advantage of the service to push malware. As an example, hundreds of domains incorporating the word Zoom have been registered around the world. These domains are laden with malware entities and scams that seek to take advantage of one of the most popular trends in these trying times.
There are even malware entities incorporating the name Zoom as part of their executable files in a strategy that is meant to confuse users into installing the malware. In particular, researchers have found viruses, that when executed, will launch an InstallCore installer that goes on to install other potentially unwanted programs or PUPs.
Many anti-malware solutions regard InstallCore as a PUP as it is capable of disabling User Access Control and startup items. It can also mess with your browser settings and configurations in a way that promotes certain search engines over others.
While hackers target Zoom disproportionately, it is not the only communication app that hackers and cybercriminals are seeking to exploit. All messaging and video conferencing apps are seeing a spike in attempts at infiltration.
That is not to say that Zoom doesn’t have legitimate security issues. It has and these have been subjected to a lot of scrutiny in the last couple of days.
Zoom Privacy and Security Issues
In early January, Zoom developers were forced to address a vulnerability that could allow hackers to identify and join conversations in unprotected Zoom meetings. With many employees collaborating over Zoom due to the coronavirus menace, this posed real privacy and security risks for all involved.
Just recently, Zoom had to address another security issue. This time, it is posed by the Facebook SDK on the iOS application, which collected information unrelated to meetings including device time zone, device OS, screen size, device mobile career, processor core, and disk space.
Other vulnerabilities in the distant past allowed remote attackers to forcibly open the Zoom app on Windows, Linux, and macOS. In another case, Zoom had to patch a vulnerability that allowed cybercriminals to remotely run code that uninstalled the application on Macs via a maliciously crafted launch URL.
What other Zoom privacy and security issues have made it to the news in recent days? Here is a breakdown of the most notable.
- On April 9, the US Senate told its members to avoid Zoom due to the security issues surrounding the app.
- On April 8, a lawsuit was filed against the company by a Zoom shareholder, alleging that the app offers inadequate data protection and security measures. The lawsuit also asserts that the app doesn’t offer end-to-end encryption. On the same day, Google advised its employees to stop using Zoom for video conferencing.
- On April 6, school districts across the US started banning Zoom as a tool for teaching remotely citing the many unaddressed security and privacy issues surrounding the app.
- On April 5, calls made via Zoom were routed through China a situation that had many questioning the privacy protections placed on their data.
- On April 3, a Washington Post investigation found that thousands of Zoom call recordings were viewable via the open web. These video calls included a lot of personal information regarding health, finances, relationships, and so on. Information that fall in the wrong hands could be used for all kinds of nasty things.
The list goes on and on. And if you are among the multitude asking how safe is Zoom, now you know that the app has pretty serious security issues.
How to Protect Yourself from Zoom Hackers
To protect yourself from Zoom hackers, we recommend that you update your Zoom app as regularly as you can. Zoom keeps on producing new security patches that rectify the vulnerabilities we have just discussed above. Secondly, require a meeting password so that not just anyone can invade an ongoing meeting.
You also need to constantly clear any browsing histories, cookies, and temporary files so that even if the Zoom app keeps on malfunctioning, there won’t be anything for hackers to steal. A PC repair tool will make it easier for you do this if you are using a Windows device. On the macOS, you are going to need something like Mac repair app.
Finally, you can heed the advice of some cybersecurity experts and opt out of the app altogether because even if we tell you how to secure your Zoom app, there is nothing you can do to make the code better as it all depends on what is happening at Zooms San Jose headquarters.