Zoom Security Issues

C3 - Safaricom Confidential Internal

Risk Assessment | Zoom Vulnerabilities
(Table columns: # | Risk | Brief / Rationale | Business Implication(s) | Recommended Mitigations)

1. Risk: Zoom's app for iPhone and iPads sends data about users' devices to Facebook, including for people who did not have Facebook accounts.
   Brief: The "Login with Facebook" feature used the Facebook SDK for iOS in order to provide Zoom users with another convenient access method. The Facebook SDK was collecting unnecessary device information, including mobile OS type and version, device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.
   Business implication(s):
   • Breach of customer privacy
   Recommended mitigations:
   • Update to the latest version of the Zoom application, which has been patched

2. Risk: Over 500,000 Zoom accounts are being sold on the dark web and hacker forums.
   Brief: Compromised Zoom accounts are being sold on the dark web.
   Business implication(s):
   • Breach of customer privacy
   • Leads to more advanced attacks, e.g. phishing
   Recommended mitigations:
   • Zoom users to change their passwords
   • Check the data breach notification site https://haveibeenpwned.com/ to determine whether their email addresses have been leaked in the attack
3. Risk: "Zoom-bombing", where hijackers infiltrate Zoom sessions and can send profane messages or audio, or send indecent videos.
   Brief: People are guessing or finding Zoom meeting ID numbers online and entering uninvited to leave disruptive comments or share disruptive media using Zoom's screen-share feature. Finding open meetings, which have IDs of nine to 11 digits, is relatively simple and has already been automated.
   Business implication(s):
   • Poor customer experience
   • Reputational damage
   Recommended mitigations (settings recommended by Zoom):
   • Generate random meeting IDs
   • Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access
   • Once the meeting begins and everyone is in, lock the meeting to outsiders

4. Risk: The Zoom service does not support end-to-end encryption for video and audio content.
   Brief: Zoom does not use E2EE for video calls. Zoom uses some encryption (known as transport encryption) but not the more secure end-to-end type.
   Business implication(s):
   • Data leakage
   • Breach of customer privacy
5. Risk: Zoom account hijacking.
   Brief: A way for anyone to easily hijack any existing Zoom account if the account email address was known or successfully guessed.
   Business implication(s):
   • Fraud
   • Breach of customer privacy
   Recommended mitigations:
   • Install the latest version of Zoom, which has this issue fixed

6. Risk: Potential security vulnerability with Zoom file sharing.
   Brief: Vulnerability details not disclosed by Zoom.
   Recommended mitigations:
   • Zoom disabled the file sharing feature

7. Risk: A version of the Zoom installer (4.4.0.0) has been bundled with cryptocurrency-mining malware, i.e. a coin-miner.
   Brief: The Zoom installer will put Zoom version 4.4.0.0 on your Windows PC, but it comes with a coin-miner that Trend Micro has given the catchy name Trojan.Win32.MOOZ.THCCABO. The coin-miner will ramp up your PC's central processing unit, and its graphics card if there is one, to solve mathematical problems in order to generate new units of cryptocurrency. You'll notice this if your fans suddenly speed up or if Windows Task Manager (hit Ctrl + Shift + Esc) shows unexpectedly heavy CPU/GPU use.
   Business implication(s):
   • Fraud
   Recommended mitigations:
   • Ensure the latest Zoom client software is installed and is obtained only from the official Zoom site
   • Run anti-virus on the machine to detect malware
8. Risk: UNC path injection vulnerability that allows Windows password stealing.
   Rationale: If a malicious Zoom bomber slipped a UNC path to a remote server that he controlled into a Zoom meeting chat, an unwitting participant could click on it. The participant's Windows computer would then try to reach out to the hacker's remote server specified in the path and automatically try to log into it using the user's Windows username and password. The hacker could capture the password hash and crack it, giving him access to the Zoom user's Windows account.
   Business implication(s):
   • Fraud
   • Breach of privacy
   • Leads to advanced attacks
   Recommended mitigations:
   • Apply the latest patch from Zoom that fixes the issue

9. Risk: Windows malware injection.
   Rationale: A hacker can insert a UNC path to a remote executable file into a Zoom meeting chatroom. If a Zoom user running Windows clicked on it, the user's computer would try to load and run the software.
   Business implication(s):
   • Fraud
   Recommended mitigations:
   • Zoom disabled the file sharing feature
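Both UNC-path risks (8 and 9) rest on a network path appearing in meeting chat, so a defender can scan exported chat text for such paths and flag any that point at hosts outside the organisation. The Python below is an added example, not part of the Safaricom assessment or any Zoom tool; the function names, the trusted-host allow-list, the executable extension set and the sample transcript are all constructed for illustration.

```python
import re
from typing import Dict, List, Set

# Windows treats "\\host", "//host" and "file://host" alike as a network (UNC)
# location; the lookbehind keeps the "//" inside "https://..." from matching.
UNC_RE = re.compile(
    r"(?:\\\\|(?<![:/\w])//|file:/{2})"      # UNC prefix or file:// scheme
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9._-]*)"  # server name or IP address
    r"(?P<path>(?:[\\/][^\s\"'<>]*)?)",      # optional share and file path
    re.IGNORECASE,
)
# File types whose launch from a remote share is what Risk 9 describes.
EXEC_EXT = {".exe", ".bat", ".cmd", ".scr", ".msi", ".ps1", ".vbs", ".js", ".dll"}

def find_unc_paths(message: str, trusted_hosts: Set[str]) -> List[Dict[str, str]]:
    """One finding per UNC path. severity is "executable" (Risk 9, remote program),
    "credential" (Risk 8: any other untrusted host, to which the Windows client would
    send the user's NTLM credentials) or "trusted" (host on the allow-list)."""
    findings = []
    for m in UNC_RE.finditer(message):
        host = m.group("host").lower()
        path = m.group("path").replace("/", "\\")   # normalise to Windows form
        if host in trusted_hosts:
            severity = "trusted"
        elif any(path.lower().endswith(ext) for ext in EXEC_EXT):
            severity = "executable"
        else:
            severity = "credential"
        findings.append({"host": host, "path": path, "severity": severity})
    return findings

def scan_chat(lines: List[str], trusted_hosts: Set[str]) -> List[Dict[str, str]]:
    """Scan an exported chat transcript and keep only findings that need action."""
    return [{"line": line, **f}
            for line in lines
            for f in find_unc_paths(line, trusted_hosts)
            if f["severity"] != "trusted"]

# Constructed sample transcript and allow-list (not taken from the assessment).
SAMPLE_CHAT = [
    "alice: slides are on \\\\fileserver01\\shared\\deck.pptx",
    "bob: see \\\\203.0.113.7\\docs\\agenda.txt for the plan",
    "mallory: run //198.51.100.22/tools/update.exe to fix the audio",
    "carol: the vendor site is https://example.com/support",
]
TRUSTED = {"fileserver01"}

if __name__ == "__main__":
    for a in scan_chat(SAMPLE_CHAT, TRUSTED):
        print(f'{a["severity"]:<11} {a["host"]:<16} {a["path"]}')
```

On the sample transcript the internal share is ignored, the external text file is reported as a credential-capture risk and the external .exe as a malware risk, while the https link is not treated as a UNC path.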