Experts warn against vulnerabilities of apps, videoconferencing platforms

Users of the platform can invite multiple people to a single call, making the app popular. (Reuters)
Short Url
  • “Over 300 compromised Zoom accounts are available on the dark web, which include each account’s connected email address, password, meeting ID, host key, and hostname”
  • “Zoom has been found using a nonstandard type of encryption to encrypt video, audio and text during online conferencing sessions”

RIYADH: Cyber experts are warning of the potential threats that come with online applications and video conferencing platforms as their use skyrockets during the coronavirus disease (COVID-19) lockdown.
Videoconference platform Zoom has gained much fame in recent weeks. Users of the platform can invite multiple people to a single call, making the app popular among families, workers and celebrities alike. In a blog posted to the application’s website on April 1, the company announced that it had reached 200 million users in March, compared to just 10 million in December 2019.
A string of targeted attacks by hackers and trolls, however, revealed that the application was not end-to-end encrypted, leaving users vulnerable to a phenomenon called “Zoom-bombing” while on video calls. Zoom-bombing involves a perpetrator or unsolicited participant abusing Zoom’s default screen-sharing settings to take over meetings and post racist or pornographic material or otherwise harass users during a video conferencing session.
Zoom has published guidelines to protect against this by setting up password-protected meetings and enabling waiting room options, he said.
On April 8, Zoom CEO Eric Yuan apologized to users in a YouTube livestream for a string of security lapses that have hit the app in recent weeks, pledging to take the breaches seriously.
The Information Security Department of the Saudi Arabian Monetary Authority has warned against the app, saying: “The use of a remote meeting application known as Zoom has spread recently, and there are several associated security vulnerabilities that could lead to meetings being spied on and sensitive information, such as passwords, being leaked. We warn against using this application.”
Muhammad Khurram Khan, professor of cybersecurity at the King Saud University told Arab News: “In the current lockdown, working, learning and socializing from home has led to a significant spike in the use of online applications and video conferencing platforms including Zoom, WebEx, Skype, Google Hangouts and Microsoft Teams.
“Some popular videoconferencing and distance learning applications have added millions of users overnight, causing their share price in the stock market to soar.”
Khan, who is also founder and CEO of the Washington-based Global Foundation for Cyber Studies and Research, believes the reason behind Zoom’s popularity is due to its user-friendly features.
Khan further said: “Cybercriminals have exploited this increased popularity, registering over 3,300 Zoom-related website domains to hack or phish users. These websites contain malicious and impersonated Zoom applications, which could harm smartphones and computing devices by stealing sensitive data and conducting ransomware attacks.
“Over 300 compromised Zoom accounts are available on the dark web, which include each account’s connected email address, password, meeting ID, host key, and hostname.”
Zoom also has its inherent security and privacy vulnerabilities, which have sparked a vigorous debate in the cybersecurity community and global media.  
“Zoom has been found using a nonstandard type of encryption to encrypt video, audio and text during online conferencing sessions,” Khan said.
“It is highly recommended for government agencies, journalists, businessmen, ministers, and officials working on sensitive projects to consider only those applications that have strong security and privacy features for video conferencing sessions,” Khan said.

Khan also recommended that normal users wishing to communicate with family, friends or colleagues likewise take precautionary measures in choosing video conferencing applications.
The National Cybersecurity Authority has issued recommendations on how to protect remote meetings using Zoom, such as not using personal meeting IDs for public meetings, using strong passwords for all organized meetings, and locking meeting sessions once all participants are logged on.