Zoom security issues

Zoom security issues: How to stay protected on flaw-riddled Zoom.


Zoom has become an ever-present platform for video conferencing, webinars, online classes, and other virtual events since the COVID-19 pandemic began.

While it has provided an essential service for people worldwide, it has also been a target for cybercriminals due to its popularity surge. 

So, we must understand the risks attached to Zoom and take proactive measures to protect ourselves from the potential Zoom security issues we'll explore in this article.

What are Zoom’s security issues?

The following are some of Zoom's security issues.

Zoom-bombing

Zoom-bombing is the term used when uninvited individuals hijack a Zoom meeting and disrupt it with offensive or inappropriate content. This can happen when meeting links are shared publicly, because anyone with the link can join the meeting.

For example, a Zoom meeting about cyberattacks was interrupted by such an attack on March 30. During the presentation, which covered the topic of coronavirus disinformation on social media platforms such as Reddit, Facebook, and Twitter, a Zoom bomber drew all over the screen, resulting in the meeting being cut short.

Zoom’s low-standard encryption

Zoom initially claimed to offer end-to-end encryption, which would have ensured that only the sender and receiver of the communication could access the content.

However, it was later discovered that Zoom's encryption was not up to par with industry standards, and the company was accused of misleading users about its encryption policies. This vulnerability could easily allow cybercriminals to intercept and access your data.

Unethical data privacy practices

Zoom was criticized for not providing users with adequate information about the data it collects and how it is used. Also, the company was accused of sharing users’ data with Facebook, even for those who did not have a Facebook account.

The company also faced a lawsuit over this practice, in which Zoom had to pay a settlement of $85 million for violating users' privacy rights and agreed to upgrade its security practices.

Easily hackable meeting IDs

Zoom also generated meeting IDs that a tool named zWarDial could find with a success rate of about 14%. This vulnerability was exposed by some hackers themselves, who also shared that having a valid meeting ID compromises data such as the meeting date, time, organizer's name, and information about the topic of discussion.

Zoom accounts compromised on Dark Web

With such lax security provided by Zoom, around 352 accounts, along with attached information such as email addresses, passwords, and host names, were found on the dark web by a security firm called Sixgill. The accounts included US healthcare providers, some small businesses, and many educational firms, among many other personal accounts.

Latest security flaws in Zoom (2023)

The following Zoom security issues are grouped by severity level:

Highly-Severe Security Issues

  • CVE-2023-22885: Improper trust boundary implementation for SMB in Zoom Clients
  • CVE-2023-22883: Local Privilege Escalation in Zoom for Windows Installers
  • CVE-2022-36930: Local Privilege Escalation in Zoom Rooms for Windows Installers
  • CVE-2022-36929: Local Privilege Escalation in Zoom Rooms for Windows Clients
  • CVE-2022-36926: Local Privilege Escalation in Zoom Rooms for macOS Clients
  • CVE-2022-36927: Local Privilege Escalation in Zoom Rooms for macOS Clients

Medium-level Security Issues

  • CVE-2023-22884: Local Privilege Escalation in Zoom for macOS Installers
  • CVE-2023-22881: Denial of Service in Zoom Clients
  • CVE-2023-22882: Denial of Service in Zoom Clients
  • CVE-2023-22880: Information Disclosure in Zoom for Windows Clients
  • CVE-2022-36928: Path Traversal in Zoom for Android Clients
  • CVE-2022-36925: Insecure key generation for Zoom Rooms for macOS Clients

How to mitigate Zoom security risks

Here are some steps that you can take to mitigate Zoom security risks.

1. Use the latest version of Zoom

Ensure that you are using the latest version of Zoom, as it includes patches and fixes for security issues identified in previous versions.

2. Enable waiting room

The waiting room is a feature that allows the host to control when participants join the meeting. This helps prevent unauthorized users from accessing the meeting and reduces the risk of “Zoom bombing.”

3. Use strong passwords

It’s important to use strong passwords for your Zoom meetings. Make sure that passwords are complex, with a mix of letters, numbers, and symbols. Avoid using predictable passwords that can be easily guessed.

4. Don't share meeting links publicly

Try not to share meeting links publicly on social media or any other public forum. Instead, send the link directly to the participants you want to invite to the meeting.

5. Use authentication options

Zoom offers various authentication options such as SSO, LDAP, and MFA, which can help reduce the risk of unauthorized access.

6. Limit screen sharing

Limit screen sharing to only the hosts or designated presenters. This will prevent participants from sharing inappropriate content during the meeting.

7. Use the waiting room for breakout sessions

If you are using breakout sessions, use the waiting room feature for each breakout session to prevent unauthorized participants from joining.

8. Use VPN for better protection

Using a Virtual Private Network (VPN) can provide an additional layer of security when using Zoom. A VPN creates a secure, encrypted connection between your device and the internet, protecting your online activity from prying eyes. 
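The meeting-level settings from the steps above (waiting room, passcode, authentication, screen sharing) can be checked automatically before a meeting is scheduled. The following Python code is an added example, not code from Zoom or PureVPN; the record field names, the minimum length and the predictable-word list are assumptions made for illustration.

```python
import string

MIN_LENGTH = 10  # assumed policy value for this example
PREDICTABLE = ("password", "123456", "qwerty", "zoom", "meeting")  # assumed list

def has_run(text, length=4):
    """True if text has `length` consecutive ascending characters (abcd, 1234)."""
    codes = [ord(c) for c in text]
    return any(all(codes[i + k + 1] - codes[i + k] == 1 for k in range(length - 1))
               for i in range(len(codes) - length + 1))

def passcode_problems(passcode):
    """Reasons a passcode fails the 'mix of letters, numbers, and symbols' advice."""
    if not passcode:
        return ["is not set"]
    problems = []
    if len(passcode) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.isalpha() for c in passcode)
            and any(c.isdigit() for c in passcode)
            and any(c in string.punctuation for c in passcode)):
        problems.append("missing letters, digits or symbols")
    lowered = passcode.lower()
    if any(word in lowered for word in PREDICTABLE) or has_run(lowered):
        problems.append("contains a predictable word or sequence")
    return problems

def audit_meeting(meeting):
    """Check one settings record (hypothetical field names) against the checklist."""
    findings = []
    if not meeting.get("waiting_room"):
        findings.append("waiting room is disabled")
    passcode = meeting.get("passcode") or ""
    findings += [f"passcode {p}" for p in passcode_problems(passcode)]
    if not meeting.get("require_authentication"):
        findings.append("participants are not required to authenticate")
    if meeting.get("screen_share", "all") != "host":
        findings.append("screen sharing is not limited to the host")
    return findings

SAMPLE_MEETINGS = [  # constructed sample records, not real meetings
    {"topic": "Staff sync", "waiting_room": True, "passcode": "t7#Rk!29vQxe",
     "require_authentication": True, "screen_share": "host"},
    {"topic": "Open webinar", "waiting_room": False, "passcode": "zoom2023",
     "require_authentication": False, "screen_share": "all"},
]

if __name__ == "__main__":
    print({m["topic"]: audit_meeting(m) for m in SAMPLE_MEETINGS})
```

An empty findings list means the record satisfies every check; each string in a non-empty list names one setting to change.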

Benefits of using a VPN for Zoom

The following are the benefits of using a VPN for Zoom.

Protects your privacy

A VPN can help protect your privacy by masking your IP address. This is important because when you connect to Zoom, your IP address is visible to the other participants in the meeting. By using a VPN, you can hide your IP address and prevent others from tracking your online activity.

Prevent security breaches

With a VPN, all of your Zoom traffic is encrypted, making it much more difficult for hackers to intercept and access your data. This can help protect your sensitive information, such as your login credentials and meeting content, from being stolen or compromised.

When choosing a VPN for Zoom, it’s important to select one that is reputable and trustworthy like PureVPN.

Why use PureVPN?

Here are some of the reasons why you should consider using PureVPN for Zoom:

  • Security: PureVPN uses military-grade 256-bit encryption to protect your online activity, ensuring that your Zoom meetings are safe and secure from potential threats.
  • No-logs policy: PureVPN has a strict no-logs policy, which means that it does not keep any records of your online activity. This ensures that your privacy is protected when using Zoom.
  • No IP leak: If a VPN is unable to mask your genuine IP address with a virtual one, it can result in IP leaks. PureVPN has IPv6 leak protection and a built-in kill switch feature that automatically cuts off your internet connection if the VPN connection drops, preventing any potential IP leaks.
  • Global network: PureVPN has a vast network of servers located in 71+ countries, so you can use it even if you are in China, Iran, or any location where Zoom is banned.

How to use PureVPN for Zoom

The process is simple: 

  • Sign up for PureVPN
  • Download and install PureVPN
  • Connect to a VPN server
  • Open Zoom and host safe meetings.

Frequently asked questions

What is “Zoom Bombing”?

“Zoom Bombing” is used to describe the act of uninvited guests entering a Zoom meeting or webinar and disrupting it.

What causes Zoom to be unstable?

Zoom can become unstable due to a poor internet connection, network congestion, outdated software, insufficient system resources, and conflicts with other apps or software.

What is the security issue with the Zoom waiting room feature?

The issue is that, if the meeting is not password protected, it can be exploited by potential attackers to gain unauthorized access to a Zoom meeting or webinar.

Can you use a free VPN for Zoom?

Yes, you can use a free VPN for Zoom, but it's not recommended. Free VPNs often have limited server options and slower speeds, and may log your online activity or display ads.

Wrapping up

Zoom security issues have become a major concern for individuals and organizations alike due to various vulnerabilities and threats like Zoom Bombing, unsecured meetings, lack of end-to-end encryption, and more. 

To mitigate these risks, it’s important to use strong passwords, enable waiting rooms, keep the software up-to-date, and use a reliable VPN service. For any assistance regarding VPN, feel free to reach us via the LiveChat option.

Author: PureVPN

Date: March 17, 2023
