The Coronavirus Makes Zoom More and More Popular as Privacy and Security Problems Continue to Emerge
The developers of video conferencing application Zoom can't catch a break, and this is hardly surprising. With millions of workers stuck at home because of the COVID-19 pandemic, people need to find ways of organizing online meetings and coordinating work remotely, and Zoom seems to be the perfect tool for that. Other solutions like Microsoft's Teams are available, but they don't seem to fit businesses' needs as well as Zoom does, and reports of bugs and downtime are not really helping their cause. That being said, Zoom has its own problems, and their number appears to be increasing.
The platform was first criticized when people combed through its data-sharing mechanisms and discovered that quite a lot of user information was sent to Facebook. Later, just as the leaders of some of the world's superpowers were starting to use the service to govern their countries, it was revealed that Zoom had misled people with the use of the term "end-to-end encryption." A less-than-perfect default setup also gave birth to something called "zoombombing," during which trolls would join and disrupt other people's meetings without the need to enter a password. Zoom's developers are desperately trying to stay on top of the situation, but as more and more problems emerge, this is becoming increasingly difficult.
More security problems surrounding Zoom's desktop clients
In late March, a security researcher going by the Twitter handle @_g0dmode kicked up a bit of a storm when he shared with the rest of the world how an attacker could theoretically steal a Zoom user's Windows login credentials. The problem lay with the fact that Zoom would convert both URLs and UNC file paths into clickable links. As a result, a user could click on a malicious UNC link without thinking too much about it and inadvertently instruct their Windows machine to connect to a remote server via the Server Message Block (SMB) protocol. In doing so, the operating system would send the Windows username and a hashed version of the password, which is trivial to crack with modern hardware.
Screenshots and videos proved that the attack is theoretically possible, but many researchers argued that it's not a real threat. For one, such an attack could be hampered by the fact that most corporate VPNs (which quite a few remote workers use at the moment) and many ISPs wouldn't allow Windows machines to communicate through the ancient SMB protocol. Some of the experts also reckon that this particular attack exploits Windows rather than Zoom itself.
Nevertheless, Google's Tavis Ormandy presented another scenario in which an obfuscated UNC link might silently execute a malicious file. This time, nobody doubted the seriousness of the bug, and Zoom's developers reacted. They decided that from now on, the online meetings app won't convert URLs and UNC file paths into clickable links, which is probably the right call. Unfortunately, while Zoom is able to solve some of the issues, others remain outside its control.
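To illustrate the defensive side of the link handling described above, here is an added example (not Zoom's code or its actual fix) of a chat renderer that detects UNC paths and only makes http(s) URLs clickable. The function names, the allowlist policy and the sample hosts are assumptions made for this sketch.

```python
import html
import re

# \\host\share plus the //host/share spelling that Windows also accepts.
UNC_RE = re.compile(r"""
    (?<![\w:/\\])              # skip the // inside URLs such as https://host/x
    (?:\\\\|//)                # leading \\ or //
    (?P<host>[A-Za-z0-9._-]+)  # server name or IP address
    [\\/]
    (?P<share>[^\s\\/]+)       # share name
    """, re.VERBOSE)
URL_RE = re.compile(r'\b(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://[^\s<>"]+')
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for this example


def find_unc_paths(message):
    """Return (host, share) for every UNC path in a chat message."""
    return [(m.group("host"), m.group("share")) for m in UNC_RE.finditer(message)]


def render_message(message):
    """HTML-escape a message and linkify only allowlisted URL schemes.

    UNC paths and schemes such as file:// or smb:// stay inert text, so a
    click can never hand the path to the operating system.
    """
    out, pos = [], 0
    for m in URL_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0))
        if m.group("scheme").lower() in ALLOWED_SCHEMES:
            out.append('<a href="{0}" rel="noopener">{0}</a>'.format(url))
        else:
            out.append(url)
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample messages; the hosts are documentation placeholders.
    for text in (r"agenda: \\fileserver.example\share\agenda.docx",
                 "join https://example.com/j/1 now"):
        print(find_unc_paths(text), "->", render_message(text))
```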
Security experts notice a surge in newly registered Zoom-related domains
Cybercriminals know what their potential victims are interested in. They actively monitor the search trends and try to make the most of the current hot keywords. In light of this, it shouldn't really be a surprise that one of the UK's leading registrars blocked the registration of around 600 coronavirus-themed domain names. It also shouldn't be a surprise that we're seeing a similar trend with the Zoom meeting platform.
Researchers from Check Point recently said that during the first quarter of 2020, they've witnessed the registration of no fewer than 1,700 new domains with the word "zoom" in them. 25% of them were created during the last week of March.
Obviously, not all of them are malicious. Only 4% of them have shown "suspicious characteristics" so far according to Check Point, and it must be said that some of the domains probably have nothing to do with the video conferencing platform. Nevertheless, the researchers said that in addition to the influx of domain registrations, they've also seen a few malicious files named after the online conference service, so attacks on Zoom users are definitely on the cards. If you're one of the potential targets, you should be extra careful.