Zoom Security Vulnerabilities

For many organisations Zoom has become one of the primary methods for communicating during the COVID-19 crisis. The heightened attention on Zoom has brought to light several security issues that customers need to be aware of.

Due to these unprecedented times, the requirement for remote collaboration and video conferencing has come into the spotlight. A popular tool that has emerged is the Zoom conferencing utility; however, multiple vulnerabilities and risks have been identified with the use of this software.

1 Zoom Bombing

Unsecured meetings, that is, meetings set up as public, allow anyone to join. This can disrupt meetings and risks exposure of data and information.

2 End To End Encryption

Zoom does not use 100% complete end-to-end encryption. Anything you say in the meeting could potentially be recorded by a third party.

3 Encryption Standards

Zoom stated that their encryption levels were AES 256, but the encryption levels have actually been confirmed as AES 128. AES 128 is still strong encryption, but this non-trivial discrepancy should raise concerns about the overall level of security of the product. Note that Zoom have now corrected this error in their marketing.

4 Zoom Path Vulnerability

Security researchers have disclosed details of a path injection vulnerability in the Zoom remote conferencing client for Microsoft Windows. They claim a remote unauthenticated meeting attendee can exploit this vulnerability to obtain other attendees' usernames and session (NTLM) credential hashes, compromising your local computer and network.

Our Recommendation

Due to the number of security issues, we advise that organisations refrain from using Zoom where any personal information or sensitive business information is discussed, or if your business operates in any security-sensitive industry.

Alternatives

At Datcom we utilise Microsoft Teams. Microsoft have made Teams free for use for all organisations, but it does require the creation of an Office 365 account. Microsoft also have a free version of Skype that does not require the creation of an account.

For more information please contact your Account Manager.

References

https://products.office.com/en-gb/microsoft-teams/group-chat-software

https://www.skype.com/en/free-conference-call/
