Zoom could be stealing your Windows password, hacking your webcam

Video calling app Zoom has announced it will be freezing product development to focus on boosting the security of its services following seveal high-profile security issues.

The app has seen an explosion in users over the past few weeks as workers around the world embrace a new era of working from home, but now its security protection is being called into question.

In a blog post, Zoom CEO Eric S. Yuan revealed it saw 200 million daily meeting participants in March, a huge rise from the 10 million daily users it welcomed in December.

However this surge in users also meant that Zoom has since attracted a lot of attention from security researchers and cybercriminals alike, with a number of worrying security flaws affecting Windows and Mac devices uncovered.

On Windows devices, one expert found that criminals could exploit a flaw in the Zoom chat feature to steal login details. Speaking on Twitter, the researcher known as @_godmode outlined how the part of Zoom's chat feature that converts URLs into hyperlinks can also do the same for Windows networking UNC paths, turning them into a clickable link that if accessed, could reveal login information.

Another expert revealed two bugs affecting Zoom on Apple Mac devices. One flaw would allow criminals to hijack a victims device, one of which exploited Zoom's access rights on a device to give hackers control of the webcam and microphone.

A seperate flaw discovered by the same security researcher, Patrick Wardle, could allow a hacker to inject malicious code into Zoom's installer program, giving access to the device's operating system and allowing them to install malware without the victimnoticing.

Zoom was also criticised earlier this week after it was discovered that the app does not offer end-to-end encryption, as promised on its website. Instead, it uses Transport encryption, a Transport Layer Security (TLS) protocol which means that although others won't be able to access your data, Zoom will still be able to.

This has all led Zoom to change tack, and Yuan says that the company will now look to focus on improving the security and privacy aspects of the app before developing new features.

“Our platform was built primarily for enterprise customers,” Yuan said. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively,” Yuan added . “We are also committed to being transparent throughout this process.”

Zoom's entire engineering team will now pivot to working on safety and security, with the company also planning a “comprehensive" review of its services along with third-parties.

Via Bleeping Computer / CityAM

How It works

Search Crack for

Latest IT News

May 27
Spotify has announced that it's scrapping the limit on how many songs you can download to your personal library.
May 26
Free screen recorders that will record or stream everything happening on your desktop.
May 26
Free PDF readers that offer a wealth of features, including editing, annotating and blocking security threats.
May 26
Free YouTube downloaders for saving videos from all the most popular hosting sites, including YouTube and many more.
May 26
Akamai's solution works in-browser to automatically identify suspicious behaviour such as web-skimming.
May 26
And it's an official HP patch, rather than some of the unofficial - and clunky - workarounds that have been floating around.
May 26
Windows 10 May 2020 Update will be released any day now, and its best new feature brings the ability to block the installation of unwanted apps.

Latest cracks