It’s been a few months since the world got heavily dependent upon the videoconferencing industry. One of the most prominent platforms available is that of Zoom. Zoom is a leader in modern enterprise video communications. Various companies have been making its use to connect to their vastly spread departments around the globe. It is one of the most readily available applications, easy to use and accommodates up to a thousand people.
While most privacy experts have made questionable claims towards the Zoom customer policies, the popularity of the platform has not seemed to have suffered an impact. Since the beginning of May, Zoom has been openly criticized for its privacy policies. It has been accused of phishing attacks and scams. It was also reported by Check Point (an Israeli Security Firm) that cybercriminals might have also registered hundreds of Zoom related website addresses. Also, Zoom suffered an unexplainable outage that remained for a few hours.
Now, hackers have come up with a strategy to hack into computer systems. Trend Micro found that there are two malware samples that seemed to pose threat by being downloaded along with Zoom. Backdoor and Devil Shadow Botnet are the malwares that resemble the official Zoom version. They can be easily installed in a Windows computer. The installer is a bulky file that resembles the official Zoom version. Both these extra software gather information (about IDs and passwords; any other computer information that could be sold in the dark web) which is sent to its C&C (Command & Control) every thirty seconds the computer is switched on. The malware kills all running remote utilities as and when it is installed by opening a TCP to gain remote access and setting up an e-mail to get the now infected machine ready for access.
During the process, the official Zoom installer runs in order to avoid suspicion.
According to Kaspersky, “The web version sits in a stand box in a browser and doesn’t have the permissions an installed app has, limiting the amount of harm it can potentially cause.” Either way, zoom needs to pull up its socks and offer its customers a better private environment. A data breach at such a large scale could endanger all of us.
The raising data breaches are having alarmed many. We cannot run away from them but we can always be cautious. There are a few things to keep in mind:
1. If you are downloading, make sure you do it from official distributing channels.
2. Use a web browser for videoconferencing rather than the app.
3. Go for a guest login, whenever possible.
Other than Zoom, applications like Google Duo, Hangouts, GoToWebinar are also available. Just because Zoom has been accused of major privacy concerns does not mean that others can be categorized as a safe alternative. Your safety is in your hands.
By Ridha Dhawan
Member, REPORTER’S COMMITTEE