Zoom Flaw That Could Have Let Anyone Join Private Video Conferences Proves How Important Passwords Are

If you are stuck at home due to the Coronavirus quarantine, because you are sick, or because you are working from a remote location, you might have already used Zoom, a video conferencing platform that allows connecting to others from wherever you might be in the world. The platform has seen a rebirth in 2020 due to the COVID-19 pandemic, and while the company saw a growth of 1.9 million active monthly users throughout 2019, it has already attracted 2.2 million new users in the first quarter of 2020. Zoom cloud meetings are used in classrooms, by businesses, and people who want to connect with their loved ones. Whatever your reason for using Zoom is, you need to understand that just like any other virtual service, it is flawed, and it is up to you ensure that your accounts and your calls are secure. We have a few tips that, hopefully, will make you circumvent Zoom security flaws.

Zoom security flaw allowed intercepting private video conferences

According to ZDNet, Zoom is very popular among Fortune 500 companies and the top 200 universities in the United States. The statistics show that 60% of those companies and 96% of those universities use Zoom. Unfortunately, these are the kinds of numbers that cybercriminals are attracted to. In the beginning of the year, researchers at CheckPoint discovered a Zoom security flaw that could have permitted undesirable parties to join private conferences/calls silently. The issue lied within the Require meeting password option that, if not enabled, left virtual meetings vulnerable. Every single Zoom meeting has a unique ID code that is composed of 9, 10 or 11 unique digits. Although a 9-digit combination creates 1 billion unique numbers, that is not a huge challenge for equipped cybercriminals. As you might know already, they have tools that can guess passwords for them, and it does not take that long to check one billion combinations. A 9-digit combination can be guessed within just 25 milliseconds. Needless to say, if the Require meeting password option is enabled, it should be exponentially harder for cybercriminals to intercept a private meeting/conference call on Zoom. In the end, CheckPoint researchers were able to guess about 4% of IDs, which is not a small number whatsoever.

The good news is that this Zoom security flaw was patched, and now Zoom meetings should be safer. That being said, you should always add passwords for all meetings, and these passwords should be long and random in every case to make sure that cybercriminals cannot guess/brute-force them. If you need help generating unique passwords for every Zoom meeting you host, we suggest employing the Password Generator offered by Cyclonis Password Manager. The tool can also help you manage your Zoom account password. Just like the Zoom meeting IDs, vulnerable passwords can be attractive to cybercriminals also. If they manage to hijack your account, they could potentially join meetings, where sensitive information is disclosed, or even share malicious files to the connected parties via Chat, and we are sure that you want to avoid being the weak link in your company. Here are the steps that will help you upgrade your Zoom login password.

How to upgrade Zoom login password

  1. Open https://zoom.us/signin.
  2. Sign in with your current password.
  3. Click User Management and then Users.
  4. Click the email address, whose account you want to edit.
  5. On the right of Sing-in Password, click Edit.
  6. Enter your new password. You can follow the recommendations listed in this section, but we recommend aiming for a stronger password because 6-character passwords are weak right from the start.
  7. Click OK to save the password.

N.B. If you are a Zoom administrator and are responsible for other accounts, make sure you set up strong passwords for them also. Do not rely on users to change them to stronger passwords on their own.

Needless to say, adding passwords to Zoom meetings or creating strong account passwords isn’t something that can help solve all security issues linked to the virtual meeting platform. History confirms that. In 2019, Forbes informed that Mac users had to change Zoom setting to turn off my video when joining a meeting because of a Zoom security flaw that, allegedly, left systems exposed to malicious attacks. Using this vulnerability, cybercriminals potentially had the option to hijack web cameras, force users to join ghost calls, perform DoS (Denial of Service) attacks, and also restore the uninstalled applications. Obviously, this Zoom security flaw has been fixed since then. The bottom line is that there is a lot that is out of the control of Zoom users, and the developers of the platform have to take responsibility and fix flaws before they become exploitable vulnerabilities.

Public Zoom meetings are particularly vulnerable

If you open up a Zoom meeting to the public – i.e., make it possible for anyone to join it – you have to think about a few potential security issues. Zoombombing is a funny term, but it describes an action that is anything but fun. Casey Newton, a tech reporter for The Verge, recently hosted a virtual conference using Zoom during his daily WFH Happy Hour show. The Zoom conference call ID was made public, and anyone could join it. Unfortunately, someone had malicious intentions, and soon everyone on the conference call started seeing violent pornographic videos. Once a conference is public, the assailant can join again and again after being kicked out. Casey was forced to stop the call and, at the same time, his show. The good news is that Zoom allows managing screen-sharing, and if you are the Host, you can always set the settings to ensure that only you can share screens and content. Participants can also be muted. More tips on how to stop Zoom bombers can be found here.

In conclusion, if you are relying on Zoom during the quarantine or beyond it, you have to take appropriate security measures. Add passwords to Zoom meetings that are private, do not share your private Zoom ID, do not share private meeting IDs and links via public platforms (e.g., on social networking accounts), and make sure you create passwords for Zoom accounts that could not be guessed and breached by cybercriminals. Also, use the two-factor authentication feature. Finally, if you learn about Zoom security flaws, do not ignore them because even if you yourself might not be able to fix them, you can work around them to ensure your own virtual security and the security of others.

By Foley
March 31, 2020
Password Security
English
March 31, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

What Is a Zero-Day Flaw and How It Can Put Your Passwords at Risk

Perhaps philosophy doesn't come to mind when you think about cybersecurity. However, today we are going to talk about zero day vulnerability, and this concept requires a little bit of mental gymnastics. It is actually... Read more

March 4, 2019
How To

How to Delete Saved Passwords on Firefox

There is a multitude of reasons why you might want to delete your passwords from Firefox. Maybe some of the websites you used to use are now defunct, or you simply don't visit them anymore. Or maybe you're afraid that... Read more

October 3, 2019
Tips

How Private Is Your Private Information?

We live in a world where our days are filled with news of cyberattacks and exposed personal information, and you have probably started wondering whether anything on the World Wide Web can ever be classified as... Read more

August 8, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.