Zoom Security – Known Risks and What You Can Do to Stay Safe
The Leddy Group Tech Support Team has a message to share this week! Our IT Team is sharing helpful information about Zoom, the online communication platform that allows video and audio conferencing and chats, when meeting in person isn’t a good option. Many of us have started to use Zoom during this COVID-19 crisis as it is free, and it’s a simple way to connect with friends, family, and work. The Leddy Group IT Team is a resource that our teams and clients can rely on for being in the know, and ready to help us navigate the apps and tools we use to conduct our business.
With this growing interest in remote meetings, it’s no surprise that our IT Team wants to encourage us to learn more and be cautious, too. With that in mind, here’s a consolidated list of security concerns regarding Zoom and what you can do to improve your level of technological safety:
Zoom Bombing – Pranksters and trolls are scanning the internet and social media for open Zoom links. They are joining Zoom sessions and sharing their screen with inappropriate material. What can you do?
- Use only password protected links and require meeting passwords for your own Zoom meetings
- Don’t publicly post your Zoom links
- (further options) Disable “Join Before Host”
- (further options) Enable “Waiting Room” so guests must be invited in
- (further options) Enable “Rejoin Meeting Disabled” so booted participants cannot rejoin
- Info – https://www.wsj.com/articles/dont-get-bombed-how-to-host-zoom-meetings-hangouts-houseparty-and-more-11585819821
Windows Credentials Can Be Stolen via Zoom – Hackers can post a UNC link in Zoom chat that, if clicked (and if proper security settings are not in place on your network), will reveal your Windows username and password to the hacker. A UNC link looks something like \\malicious.link\no_clickie. What can you do?
- Do not click links in Zoom chat windows – especially from people you do not know
- Update Zoom – This issue has been patched as of 4/3/2020
- (further options) Disable “File Transfer” so there’s not an additional way for hackers to get you to click on something malicious
- (further options) Turn on firewall options on your home router/modem to block port 445
- Info – https://arstechnica.com/information-technology/2020/04/unpatched-zoom-bug-lets-attackers-steal-windows-credentials-with-no-warning/
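As an added illustration (not part of the original article and not Zoom's own code), the Python below finds UNC paths in chat text and marks the ones whose host lies outside the local network, which are the links that would send a Windows logon attempt to an outside server. The sample messages, the `.corp.example` suffix and the function names are constructed for this example.

```python
import ipaddress
import re

# \\host\share : two backslashes, a host name or IPv4 address, one backslash, a share.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9.-]+)\\([^\s\\]+)")

# Hypothetical DNS suffix this organisation treats as its own network (assumption).
INTERNAL_SUFFIXES = (".corp.example",)


def classify_host(host):
    """Return 'internal' or 'external' for the host part of a UNC path."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        # Single-label (NetBIOS-style) names only resolve on the local network.
        if "." not in name or name.endswith(INTERNAL_SUFFIXES):
            return "internal"
        return "external"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "internal"
    return "external"


def find_unc_links(message):
    """Return (unc_path, verdict) for every UNC path found in one chat message."""
    hits = []
    for match in UNC_RE.finditer(message):
        # Drop sentence punctuation that followed the link in the chat text.
        path = match.group(0).rstrip(".,;:!?)")
        hits.append((path, classify_host(match.group(1))))
    return hits


def external_links(messages):
    """Return every UNC path in the messages that points outside the network."""
    return [path for msg in messages
            for path, verdict in find_unc_links(msg) if verdict == "external"]


# Constructed sample chat lines; the first uses the article's example link.
SAMPLE_CHAT = [
    r"Slides are here: \\malicious.link\no_clickie",
    r"Team share is \\fileserver\projects.",
    r"Printer driver at \\192.168.1.20\drivers",
    "See you at 3pm, installer is at https://zoom.us/download",
]

if __name__ == "__main__":
    for link in external_links(SAMPLE_CHAT):
        print("Do not click:", link)
```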
Zoom is sharing your data with Facebook – This was the case recently for iOS users. Zoom added a software development kit (SDK) from Facebook so that Zoom users could use their Facebook account to log in. This was inadvertently sending users’ information to Facebook even if they did not have a Facebook account. Zoom has since removed the Facebook SDK. What can you do?
- There’s nothing to be done here. Our team recommends not using any “sign in using Facebook” options.
- Update your Zoom desktop application to the newest release.
- Info – https://www.digitaltrends.com/computing/zoom-ios-app-facebook-data-updated/
Zoom Can Hijack Your Webcam and Mic on MacOS – There are two exploits here:
June of 2019: If a hacker can get you to click a web link to join their Zoom meeting, you may unknowingly join the hacker’s Zoom meeting. Your webcam and mic may then be automatically activated based on previous preferences.
April of 2020: Theoretically someone could insert code into the installer of Zoom to not prompt the installer for mic and webcam access and could flag Zoom to run silently – allowing a hacker to remote access your mic and camera (this has been disclosed to Zoom and is awaiting a fix). What can you do?
- Do not click on Zoom links from people you do not know or trust
- If you have a Mac, and have Zoom, it’s a good idea to uninstall the Zoom software, and then reinstall with the latest update:
- How to uninstall Zoom – https://support.zoom.us/hc/en-us/articles/201362983-How-to-uninstall-Zoom-on-a-Mac-
- How to install the newest version of Zoom – https://zoom.us/download
- In advanced settings, jump down to ‘Video’ and select “Turn off my video when joining meeting”
- (further options) Update your Mac to macOS 10.14 Mojave or macOS 10.15 Catalina
- (further options) Download a program such as OverSight to monitor your Mac’s webcam and microphone usage – https://objective-see.com/products/oversight.html (Disclaimer: I have not used OverSight, only read about its function)
- Info – Exploit 1 – https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#381fb2842d9f
- Info – Exploit 2 – https://objective-see.com/blog/blog_0x56.html
The Leddy Group’s Tech Support Team is available to help you. When you have questions about working in a remote environment, if you need help with remote video and audio set up, equipment selection or the myriad of other technology options, we have the team that can help. We offer sustainable pricing options that fit your budget with one-time, hourly, weekly or monthly support available. Reach out to IT@LeddyGroup.com for more information.
Be safe out there!