Following lockdowns and work-from-home protocols across the world, one piece of software has seen a boom in the past month. Zoom reportedly grew X since XY. But you probably knew that already. After all, it was hard to avoid people posting screenshots of their Zoom conversations all over social media. As such, it should also come as no surprise that Zoom is raising some serious security questions.
Attackers focus attention on the Zoom hype
Shortly after Zoom started getting traction, attackers saw the software as a viable target. As such, Zoom might carry some significant vulnerabilities. According to The Telegraph, a vulnerability in the software could potentially allow hackers to gain access to users’ email account passwords.
The issue particularly affects the Windows version of the Zoom software. The vulnerability could be exploited when a user simply clicks a link sent over webchat. For example, if you send a Universal Naming Convention (UNC) path in the chat, Zoom will convert it to a clickable link. If this link is clicked, Windows will attempt to connect to a remote host via the Server Message Block (SMB) network file-sharing protocol. In doing so, it sends your sign-in name and NT LAN Manager (NTLM) credential hash to that host. The credential hash could be used to decode the username and password details.
The security flaw puts the Windows version of Zoom at risk and, in turn, users’ Microsoft Outlook inbox or SharePoint document storage system. At the time of writing, Zoom is yet to patch the vulnerability.
How you can work around the security flaw
One way to circumvent the vulnerability is to use the ‘Local Group Policy Editor’ on Windows. Here’s how:
- Open Start
- Search and select gpedit.msc
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- Double-click Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
- Select Deny All
- Click Apply
- Click OK
- Click Yes to confirm
The above will prevent your system from sending your Windows 10 sign-in NTLM credentials to a remote host. However, it should be noted that this method works on Windows 10 Pro or Windows 10 Enterprise. Furthermore, this only works as a temporary measure. If you apply this configuration to a Windows 10 device that’s connected to a domain or a file-sharing server, you’ll have problems accessing files on the remote device.
Fixing via Registry
Alternatively, if you’re running Windows 10 Home, this vulnerability could be circumvented via the Registry. Do note, though, that editing the registry could have serious repercussions if not done properly. Therefore, remember to take a full backup of your computer should you choose to pursue this method.
- Open Start
- Search for regedit and select the top result
- Right-click MSV1_0, select New, click DWORD (32-bit) Value
- Name it RestrictSendingNTLMTraffic and press Enter
- Double-click it and set the value to 2
- Click OK
Of course, as with the previous method, this is only a temporary measure.
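The Group Policy setting and the registry edit above both end up in the same registry value. As an added example (not from the original article), the PowerShell below reads the current setting, backs up the key, applies Deny All and verifies the result. The registry path is the standard Windows location of the MSV1_0 key, which the steps above do not spell out; the function names and the backup file name are illustrative.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# $KeyPath is the standard Windows location of the MSV1_0 key (the article does not spell it out).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'
$Meaning   = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-OutgoingNtlmPolicy {
    # Returns 0, 1 or 2, or $null when the value has never been set (Windows then allows outgoing NTLM).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-OutgoingNtlmPolicy {
    param([Parameter(Mandatory)][ValidateRange(0, 2)][int]$Value)
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
}

function Restore-OutgoingNtlmPolicy {
    # Undo the change, e.g. when domain logons or file shares stop working.
    param([AllowNull()][Nullable[int]]$Previous)
    if ($null -eq $Previous) {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-OutgoingNtlmPolicy -Value $Previous
    }
}

$before = Get-OutgoingNtlmPolicy
$label  = if ($null -eq $before) { 'not set (default: allow)' } else { $Meaning[$before] }
Write-Output "Outgoing NTLM policy before change: $label"

if ($before -ne 2) {
    # Keep a copy of the key so the previous state can be re-imported with "reg import".
    $backup = Join-Path $env:TEMP 'MSV1_0-backup.reg'
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' $backup /y | Out-Null
    Set-OutgoingNtlmPolicy -Value 2
    Write-Output "Set $ValueName to 2 ($($Meaning[2])); backup written to $backup"
}

# Verify that the value reads back as 2.
if ((Get-OutgoingNtlmPolicy) -ne 2) { throw "$ValueName is not 2; outgoing NTLM is still allowed" }
# To roll back later: Restore-OutgoingNtlmPolicy -Previous $before
```

Passing 1 instead of 2 to Set-OutgoingNtlmPolicy selects Audit all, which records outgoing NTLM requests without blocking them.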
This isn’t the first time for Zoom
However, this isn’t the first time Zoom has had a serious vulnerability in its systems. Back in August 2019, a vulnerability in Zoom allowed hackers to eavesdrop on private business meetings. The vulnerability was discovered by researchers at Check Point, a cybersecurity company. It was exploited via automated tools that generate random meeting room IDs. These automated tools could be used to generate genuine Zoom links to meetings without the need for passwords. “The additional member would be visible by others in the meeting if they look at the ‘participants’ window in Zoom. But in many cases, Zoom conferences can have 10 or more participants, so the hacker may not be noticed in a large list,” noted Alexander Chailytko, cybersecurity research and innovation manager at Check Point.
Thankfully, this vulnerability was patched by Zoom back in January 2020.
Additionally, Zoom also raises privacy concerns for users. Recently, it was found that Zoom’s iOS app sends analytical data to Facebook, specifically to the Facebook Graph API. This happens regardless of whether users have Facebook accounts. The primary issue lies with the fact that Zoom users may not be aware of this at all. Users might be signing up for one service, but they may end up providing data to two services inadvertently.
The transferred data included OS type and version, iOS Advertiser ID, IP address, device time zone and language, device model, carrier, disk space, and screen size. According to Zoom, this data didn’t include meeting-related information.
By the 27th of March, Zoom released an update to its iOS app addressing the above issue. The update removed the Facebook SDK that was used to implement the “Login with Facebook” feature. This is the feature that sent device data to the Facebook Graph API.
More security questions are left unanswered
According to a report by Motherboard, Zoom may be leaking personal information. As a result, strangers would have the ability to start a video call with random users. The issue stems from its “Company Directory” setting. This setting automatically adds people to a user’s contact list if they share the same domain. However, users allege that Zoom had pooled them together with other users thinking they all worked for the same company. This is despite these users signing up on personal emails.
Following the Motherboard report, Zoom claimed that the company maintained a blacklist of domains. Zoom went on to state that the company has blacklisted the specific domains highlighted in the Motherboard article.
Unfortunately, the problems for Zoom don’t end there. The Intercept reported that Zoom doesn’t use end-to-end encryption, despite company claims. According to the report, Zoom communications are encrypted with TLS rather than end-to-end. TLS is what’s used to secure HTTPS websites, and this is called transport encryption. Essentially, your Zoom meeting content will likely be safe from hackers. But it won’t stop Zoom from accessing your content. End-to-end encryption would ensure this won’t happen.
Should we use Zoom?
By now, you’re probably asking yourself if you should even use Zoom. Yes, the software does have several security concerns. But that doesn’t mean all other software you use daily is foolproof either. It could also be that the explosion in its userbase is causing the software to come under increased scrutiny.
While we can hope that Zoom sorts out all of its security vulnerabilities, it is also important that we as users exercise caution in using popular software on a daily basis.