Zoom meetings: the very popular but not very secure videoconferencing service

Zoom meetings: the very popular but not very secure videoconferencing service

Zoom-meetings

     Zoom is a video-conferencing application that allows you to create a video meeting in a matter of seconds where you can see your colleagues, send text messages and files, as well as share your PC's desktop and application views.

     Security breaches, questionable development techniques, blurred marketing... The new darling of confined teleworkers is far from being a panacea in the world of videoconferencing.

     What should we really think about Zoom? Since half of the world has been confined, this videoconferencing service has been steadily gaining in popularity, apparently with good reason.

     The interface is pleasant and the audiovisual quality is of a very good level. But more and more shadows are appearing in the picture, in terms of security and protection of personal data.


     Last week, as you may recall, the company had to make several back-pedals. According to the Vice site, its iOS application was sharing user data with Facebook without this being clearly mentioned.

     At the same time, a Harvard researcher alerted in a blog post about Zoom's potential sale of personal data for advertising purposes.

     Last Friday, the app was updated to stop this exchange with Facebook. In the wake of this, the company modified its personal data protection policy by adding the following sentences:

     "Zoom does not monitor or use customer content for any reason other than the provision of our services. Zoom does not sell customer content to anyone and does not use it for advertising purposes. "End of controversy? Not really.

Is Zoom a safe app?

     The Intercept site has now revealed that Zoom's audio and video communications are not encrypted end-to-end, despite the company's strong suggestion to that effect on its website and in a technical white paper.

     In its words, this would make it possible to "secure a meeting with end-to-end encryption. But in reality, only instant messaging can be end-to-end encrypted.


Is-Zoom-a-safe-app?

     Audio and video streams are only encrypted in TLS between client terminals and Zoom's servers, as is the case for any other secure website.

     In theory, the company can, therefore, listen to and view the content of meetings... and government authorities can do the same if they wish.

     Zoom's marketing communication is therefore far from clear on this subject, probably because the company is trying to hide this technical weakness.

     Other services offer end-to-end encryption. This is the case, for example, for Signal voice calls and Apple FaceTime audio and video conferencing.

     Security researcher Matthew Green told The Intercept that end-to-end encryption of a multi-person video conference is difficult to achieve because you need to be able to detect who is talking in real-time.

     When everything is encrypted, you have to implement specific mechanisms, which is "doable, but not easy," he says.

     And that's not all. Time and time again, we discover bugs and quirks in Zoom's software. The Vice site has just revealed that people who shared the same domain name in their e-mail addresses were automatically grouped together in the same address book.

     They could, therefore, access profile information and make video calls to complete strangers.

     At the company level, this may make sense, but for personal addresses from Internet Service Providers, this is already much less the case.

     The Zoom developers had the presence of mind to exclude addresses from large providers such as Gmail, Yahoo or Hotmail, but they obviously didn't think about the other cases.

A vulnerability in the Windows client


     Hackers have also just found a rather simplistic vulnerability in the Windows client. Instant messaging allows injecting external links in the Windows network format.


hacker-zoom-app

     If the user clicks on them, the person controlling the external server in question can retrieve the user's password fingerprint, a data that a hacker can decipher quite easily.

     On macOS, Zoom's reputation has long been quite deplorable. In July 2019, remember, a security researcher revealed that any website could activate a Mac user's webcam, due to a permanent local web server that Zoom installed on the computer that was neither seen nor known.

     A quirk that Apple finally ejected manu militari through an emergency update.

Techniques worthy of a hacker


     But this is not the end of bad practice. In a Twitter thread, another security researcher has now analyzed the installation procedure of the current software client on macOS.

     Result: to improve user comfort, Zoom's developers do not hesitate to use techniques worthy of a hacker.

     All these discoveries show that while Zoom's engineers have succeeded in creating a powerful videoconferencing software, security and personal data protection were not really at the heart of their concerns. Let's hope that this will change.

Popular posts from this blog

Natural Remedies For Anxiety And Stress

Image
Natural Remedies For Anxiety And Paranoia from aspirations-design.blogspot.com Introduction Anxiety and stress are common mental health issues that many people face in their daily lives. These conditions can be overwhelming and have a negative impact on one's overall well-being. While there are various medical treatments available, natural remedies can also provide effective relief. In this article, we will explore some natural remedies for anxiety and stress that can help promote a sense of calm and relaxation. 1. Exercise Regularly Physical activity is known to release endorphins, which are natural mood boosters. Engaging in regular exercise, such as walking, jogging, or yoga, can help reduce anxiety and stress levels. It also promotes better sleep and overall mental well-being. 2. Practice Deep Breathing Deep breathing exercises can help calm the mind and reduce stress. Take slow, deep breaths, filling your lungs completely, and then exhale slowly. Repeat this several times,
Read more

Benefits Of Regular Strength Training Exercises

Image
Poster On Benefits Of Regular Exercise Exercise Poster from exerciseposter.blogspot.com Introduction Regular strength training exercises have become increasingly popular in recent years, and for good reason. Not only do they help you build muscle and tone your body, but they also offer a wide range of health benefits that can improve your overall well-being. Whether you are a beginner or a seasoned fitness enthusiast, incorporating regular strength training exercises into your routine can have a profound impact on your physical and mental health. Muscle Building and Toning One of the primary benefits of regular strength training exercises is their ability to build and tone your muscles. By consistently challenging your muscles with resistance, you stimulate muscle growth and increase their strength. This not only enhances your physical appearance but also improves your overall strength and endurance, making everyday tasks easier to perform. Increased Metabolism and Fat Burning Stre
Read more

amscoextra

key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key key
Read more