Security Flaws In The Zoom App, How Can It Be Overcome?

Security Flaws In The Zoom App, How Can It Be Overcome?


Several security flaws in one of the most popular Zoom video conferencing services have indicated potential installations of malware and rejection of service attacks from several unauthorized sites. In recent research, it is observed that Zoom will address its multiple security flaws with the help of recent app updates. Also, in return, it will provide more control over video sets in its next upcoming updates. Let’s have a look at the issues possed by Zoom app and what methods it has applied to overcome the same.

1. Zoombombing

The huge comeback of Zoom has welcomed its new aspect called zoombombing, that looks over the unauthorized entry in video conferencing in terms of abusing. The mischief-makers find out the information of meeting either by links that are shared publically or through social media platforms and other websites by easily guessing the ID code. It is essential to prevent such attacks by protecting passwords and not allowing anyone other than the host to share the screen.

The Zoom founder Yuan has taken various steps to address the concern such as fixing for Mac related issue. The further steps include clarifying the practices of encryption, issuing guidelines about how to avoid becoming a victim of zoombombing and eliminating a LinkedIn feature to protect the unnecessary disclosure of the data.

Moreover, in the upcoming next 2 months, it plans to prepare a transparency report on data requests; develop new features to highly focus on privacy and safety, enhance its bug bounty programs and conduct an overall review with professional experts regarding the upgradations of new security features for the customers.

2. Vulnerability To Mac Devices

The vulnerability in Mac devices allows any website to start a Zoom call by itself on the user’s PC, thus giving them a chance to enter webinars without permission. It further enables the webpages to penetrate the disapproval of service attacks. The flaws arrived by installing an additional web server by Zoom has been implemented to request confirmation each time whenever a user wants to join a Zoom meeting.

The web server which remains installed even when the Zoom removes itself from a Mac gives it a chance to welcome malicious practices. Web servers that employ certain domains to redownload the Zoom applications are most likely to expire in May. When Leitschuh warned Zoom providers regarding this issue, the company immediately renewed the expiring domains. To protect the users, it is essential to remove localhost web server solutions. 

3. Zoom installer bundled with malware

Several researchers at Trend Micro invented a new version of Zoom installer that has been found covered with cryptocurrency mining malware that is known as a coin miner. It tends to ramp your computer’s central processor unit. You will notice this when your clients instantly speed up or windows task manager depicts heavy CPU use.

To avoid such issue, it is important to protect your PC from such malware. Make sure you are running with the best antivirus programs and avoid clicking on any pop-ups, links in the email that promises to install Zoom on your system.

Conclusion Fixing out these flaws might take some time.  The users who tend to have highly sensitive discussions on the Zoom are most likely to be the target of the state-sponsored attacks. So you need to be aware of such malicious Zoom practices and find the most secure methods for communication in the meantime. 

Resident blogger for Zenosec, interested in all things cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.