Zoom members need to be aware of a new security flaw which can let cybercriminals secretly spy on your meetings. The coronavirus pandemic, and much more working from home, has seen Zoom user numbers skyrocket. Recent stats have revealed that Zoom’s active daily users has jumped from 10million to 300million since December.
However, this huge surge in popularity has not gone unnoticed by nefarious parties that have put Zoom in their crosshairs.
Just recently Zoom users were warned after more than 500,000 accounts were listed for purchase on the Dark Web.
And now Zoom fans have been put on alert about more security fears, with this latest threat something that may have gone by users completely unnoticed.
Researchers at Morphisec Labs highlighted the flaw which enables bad actors to record Zoom sessions and capture chat text without those in the meeting even noticing it.
This security threat can even be activated by cyber crooks when the host of a Zoom meeting has disabled the recording function for those participating.
- Zoom meeting: Simple steps for scheduling a Zoom meeting
The trigger for all of this is malware that gets injected into a Zoom process without any interaction of a user, a post by Security Boulevard revealed.
When this occurs none of those taking part in the Zoom meeting are notified that the session is being recorded.
This enables cybercrooks to spy on Zoom sessions without users even having an inkling of anything untoward going on.
Zoom has been informed of the security flaw, and Express.co.uk has contacted the service for a comment.
The news comes as Zoom said they would be rolling out a new security update that will be focusing on improved encryption.
In a post online Zoom last week announced that build 5.0 will offer increased privacy protection.
- Forget Houseparty, WhatsApp is still king during self-isolation
However, the bad news is that the update will only be rolled out to all accounts by May 30.
The update will also feature an improved user interface which has security settings in a more accessible position.
Speaking about the 5.0 update, Eric S Yuan – the CEO of Zoom – said: “I am proud to reach this step in our 90-day plan, but this is just the beginning.
“We built our business by delivering happiness to our customers.
“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform”.
While Oded Gal, CPO of Zoom, added: “We take a holistic view of our users’ privacy and our platform’s security.
“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny.
“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit.
“On the front end, I’m most excited about the Security icon in the meeting menu bar.
“This takes our security features, existing and new, and puts them front and centre for our meeting hosts.
“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
Source: Read Full Article