Best Practice

Thursday, 09 July 2020 10:59

Securing Zoom


The video conferencing tool Zoom has become more popular due to the home working incentive created by the Covid-19 virus.

However, a new term, Zoombombing, now describes an unauthorized person joining a Zoom meeting or chat session with mischievous or malicious intent. These intruders have posted hate speech and pornography, resulting in a warning from the FBI for users to be diligent and cautious. These individuals have been sharing Zoom meeting IDs via online forums and even posting recordings of their attacks on TikTok and YouTube. An automated tool now exists to locate Zoom rooms and meetings.

Holding private meetings with the waiting room and password features helps to keep control of who can enter the meeting. When inviting people to a meeting, avoid doing so via public social media posts; send the links only to specific contacts by direct message. Locking the meeting once everyone has entered and disabling screen sharing for non-hosts will also provide safer usage of this platform. As always, make sure to keep up to date with all updates and patches.

The Citizen Lab has looked into the end-to-end encryption that Zoom states in its marketing material. As of writing, it uses a dated encryption method, AES-128, which leaves patterns from the video input, allowing intercepted images to remain visible. They also observed that during test calls in North America, meeting keys were being sent via servers in Beijing. This highlighted the potential limitations in the cryptography and the possibility of nation-state attack attempts. However, upon checking Zoom's website, they issued an update on 17 June 2020, which states that the default encryption is now AES 256 GCM, with E2EE (end-to-end encryption) as an early beta in July 2020.
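The pattern leakage mentioned above comes from the cipher mode rather than the key length: the Citizen Lab report found the AES-128 key used in ECB mode, where identical plaintext blocks always produce identical ciphertext blocks. The following added example (not from the original article or from Zoom) contrasts that with counter mode, the encryption core of GCM. It assumes an HMAC-SHA256 keyed function as a stand-in for the AES block operation and a constructed sample frame; all function names are illustrative.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per cipher block (the AES block size)

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed function standing in for the AES block operation (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_like(key: bytes, plaintext: bytes) -> bytes:
    """ECB behaviour: every block is transformed independently with the same
    key, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(prf(key, b) for b in blocks(plaintext))

def ctr_like(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter-mode behaviour: block i is XORed with a keystream block derived
    from nonce and counter, so equal plaintext blocks encrypt differently."""
    out = bytearray()
    for i, b in enumerate(blocks(plaintext)):
        keystream = prf(key, nonce + i.to_bytes(4, "big"))
        out += bytes(x ^ y for x, y in zip(b, keystream))
    return bytes(out)

def repeated_block_ratio(ciphertext: bytes) -> float:
    """Fraction of ciphertext blocks that duplicate another block."""
    bl = blocks(ciphertext)
    return 1 - len(set(bl)) / len(bl)

def sample_frame(size: int = 64) -> bytes:
    """Constructed 1-byte-per-pixel frame: white with a black square."""
    frame = bytearray(b"\xff" * (size * size))
    for y in range(16, 48):
        frame[y * size + 16:y * size + 48] = b"\x00" * 32
    return bytes(frame)

def demo() -> tuple:
    key, nonce = os.urandom(16), os.urandom(12)
    frame = sample_frame()
    return (repeated_block_ratio(ecb_like(key, frame)),
            repeated_block_ratio(ctr_like(key, nonce, frame)))

if __name__ == "__main__":
    ecb, ctr = demo()
    print(f"repeated ciphertext blocks: ECB-like {ecb:.1%}, CTR-like {ctr:.1%}")
```

In the ECB-like output the 256 ciphertext blocks take only two distinct values, so the outline of the square is still readable from the ciphertext alone; in the counter-mode output no block repeats.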

There was also a bug that needed to be fixed, which meant an attacker could take over the computer of a Mac user running Zoom, so making sure to apply the updates and security patches is always a good idea.

Last modified on Saturday, 11 July 2020 17:37

Cybecure e.U

Commercial register number: FN535449
Register court: Landesgericht Wels
