Zoom has surely received a lot of fame during the social isolation period but every day, there are new questions about the security and privacy of the application. The video conference website was questioned recently about their end-to-end encryption but it turns out there are more loopholes than you can imagine.
Source: Mashable
According to BleepingComputer, Zoom allows hackers to get access to the user’s Windows login information. This happens because Zoom converts Window networking UNC (Universal Naming Convention) paths into clickable links. So if you click on such a link, your Windows will reveal the password and login username to the attacker.
The only good news is that the leaked password is hashed but how long can that encryption last? Password recovery tools are available everywhere today and can easily decipher the code with apps such as Hashcat.
Source; Gadgets.ndtv
This loophole was discovered by security researcher @_g0dmode and another security researcher, Matthew Hickey confirmed it. Hickey also informed the users that if anyone is trying to hack your computer, they can easily launch programs on the system using this vulnerability. The good thing is that Windows, by default, will notify you of the breach before it opens the sent program.
Out of all the worst things we have found about Zoom so far, this fault tops all because it’s a no-brainer. Anyone with even surface knowledge of programming can use it to manipulate the data of the victim’s computers and there is nothing much you can do.
Source: Tech Crunch
The only way to stop it is to not click on unknown links and use the filter in Windows security settings so you are informed about any such situation beforehand. However, Zoom still needs to take the issue into account and modify the way their chat handles links.
Meanwhile, if you want to stay safe, follow the instructions mentioned below and make your computer secure.
Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set to “Deny all”.
As the popularity of the application grows, hackers are having a field day with all the privacy issues that make Zoom users an easy target. The website can leak your pictures from the cloud to unknown parties due to numerous glitches in their software so they should fix all the problems soon before the data from their app is compromised.