ZOOM – SECURITY ADVISORY
Dear Esteemed Clients,
As a result of the state-wide lockdown, amidst the global pandemic, a size-able number of organizations are compelled to utilize remote work applications, so as to keep them active and functioning. Remote work applications may be the best solution to current restraints but, it is necessary to carry out risk analysis on these applications, in order to counteract security risks.
There are various applications that allow remote work to happen smoothly. Zoom, a very popular choice, is an easy-to-use video conferencing app, whose use has spiked amid the COVID-19 pandemic.
However, it has been brought under spotlight due to series of recently discovered security vulnerabilities.
Security researchers uncovered a Universal Naming Convention (UNC) path injection vulnerability in the Zoom Windows client, which could enable attackers to steal Windows credentials of users. This same vulnerability allows the execution of arbitrary remote code by an attacker, allowing them to gain a strong foothold of your machine. There are also reports about Zoom video conferences and calls being vulnerable to eavesdropping where intruders are able to illegally join non-password protected Zoom meetings by generating a list of Zoom Meeting IDs, validating their existence, and connecting to these meetings, where they can listen in on conversations and access files being shared in such meetings.
Zoom is aware of these security flaws, and have responded promptly by releasing patches and processes to fix and curb some of these vulnerabilities. It is important to note that as days go by, chances are that more vulnerabilities could be found not only on Zoom, but on other video conferencing applications
With this in mind, Digital Encode shares recommendations for organisations using Zoom and other video conferencing applications as a tool to facilitate remote work.
- Change current Zoom password to be safe as there are growing concerns that zoom accounts are being sold on the dark web.
You can check if your Zoom account (Email Address) has been compromised on https://haveibeenpwned.com/. If it has been compromised, change your email address immediately if possible and your password.
- Ensure password used on Zoom is not used on other sites or for authenticating to the email account of the registered email address.
- Do not make meetings or classrooms public.
- Do not share Zoom conference links on public social media.
- Ensure all meetings are password protected.
- Manage screen-sharing options.
- Ensure users keep their Zoom/Video Conferencing clients up to date. This is very important as patches could be immediately released to fix identified vulnerabilities.
- Ensure your organisation’s telework policy addresses requirements for physical and information security.
- Ensure up-to-date security protection is installed and active on any device that will be used for work i.e. virus checkers, firewalls, device encryption should all be in place.
- Implement a password security policy: Organisations need to enforce a strong passwords complex
- Enable two-factor authentication on all login platforms not limited to emails, social platforms, transacting application.
- Enable the waiting room for meetings so that users will only be able to join the meeting when the host allows them to.
- Disable the option to join the meeting before the host.
- Restrict the meeting recording feature.
- Lock the meeting once all participants have joined.
- Disable or restrict file transfers.
- Do not allow removed participants to rejoin the meeting without manual host approval.
- By default, only the host should be allowed to use the screen sharing feature.
Kindly follow the recommendations above to prevent further malicious attacks from taking place.
Visit https://digitalencode.net/articles/ from more security tips and advisory.