Let's look at why Zoom is vulnerable and what we can do to be safe.
The platform has presented some security flaws reported by its users. / Photo: Rawpixel
LatinAmerican Post | Ariel Cipolla
Due to the coronavirus outbreak, more and more work is being done remotely. So much so that the current President of Russia, Vladimir Putin, is doing his work virtually, according to the Infobae newspaper.
The point is that not all applications are as safe as they appear. In particular, we are talking about Zoom, which allows up to 100 participants simultaneously in its free version and has a critical vulnerability in its version for the Windows 10 operating system.
What problems occur with Zoom in Windows 10?
According to some cybersecurity researchers, the Zoom application in its version for Windows 10 has some problems that can compromise the privacy of users. According to the TN media website, it is a service that grew a lot during the quarantine, but it does not have encrypted content and was used to distribute malware.
This came about through a flaw that made it easier for a user to join a session for which they did not have permission. All of this came to light after computer security experts decided to analyze this popular service and found that user data is at risk.
A young hacker known as Matthew Hickey found a major flaw in using the application with the Microsoft operating system. As he explains, a hacker could obtain all the login data of someone else's personal Windows account and make video calls without the need for authorization.
Dear @zoom_us & @NCSC - well that escalated quickly.... Thanks to @AppSecBloke & @SeanWrightSec for letting me use their Zoom meeting to test. You can exploit UNC path injection to run arbitrary code, Windows does warn you with an alert box however. pic.twitter.com/aakSK1ohcL— Hacker Fantastic (@hackerfantastic) April 1, 2020
The explanation lies in UNC (Universal Naming Convention) paths, which become links that are opened through the SMB protocol. When such a link is used, Windows sends the user's login data to whoever is behind the link without asking for verification, and all that remains is to decrypt the password. This can result in malware being run or in someone simply logging in to another account.
However, this is not all. According to El Mundo, there were some shocking episodes where “unauthorized” people entered sessions that were a priori private. In theory this should not happen, since the content is supposed to be end-to-end encrypted.
The matter became so relevant that, in the state of Virginia, in the United States, some public schools decided not to use the tool anymore. Similarly, the country's army is prohibited from using it for official business, as it is a situation of enormous insecurity for the participants.
How to fix the fault?
Despite the fact that the company itself is putting all its effort into solving the problem, we as Windows 10 users can protect ourselves. We must remember that this situation does not affect those who use the Apple operating system, so the measures to be taken would be very simple.
What we will do is disable the automatic submission of credentials for a successful login. To do so, we will go to the Security Settings, which are found in the Windows Settings of the computer. Once there, we will look for the section "Security options" and open "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers". We will select the “Deny all” option.
Another option is to change the Windows registry value. In this case, we will open regedit and look for the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. There we will change the RestrictSendingNTLMTraffic value, which appears as 1, to 2. This way we can protect our data, although we should look for other alternatives until they solve the problem.
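The registry change described above, scripted in PowerShell as an added example that is not part of the original article. The function name Set-OutgoingNtlmRestriction is hypothetical, the 0/1/2 meanings are the standard values of this Windows policy, and the script assumes an elevated (administrator) session.

```powershell
# Added example: audit and apply the RestrictSendingNTLMTraffic setting.
# Set-OutgoingNtlmRestriction is a hypothetical name chosen for this example.
function Set-OutgoingNtlmRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0 = allow all, 1 = audit all, 2 = deny all
        [ValidateSet(0, 1, 2)]
        [int]$Level = 2
    )

    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $name    = 'RestrictSendingNTLMTraffic'
    $meaning = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

    # Read the current value; it is absent when the policy was never configured.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) {
        Write-Output "$name is not set (policy not configured)"
    } else {
        Write-Output "$name is currently $current ($($meaning[[int]$current]))"
    }

    if ($current -eq $Level) {
        Write-Output 'No change needed.'
        return
    }

    # ShouldProcess makes -WhatIf and -Confirm work, so the change can be previewed.
    if ($PSCmdlet.ShouldProcess("$key\$name", "Set to $Level ($($meaning[$Level]))")) {
        # Write a DWORD, the same type the policy editor uses for this value.
        New-ItemProperty -Path $key -Name $name -Value $Level -PropertyType DWord -Force | Out-Null

        # Read the value back to confirm the write succeeded.
        $after = (Get-ItemProperty -Path $key -Name $name).$name
        Write-Output "$name is now $after ($($meaning[[int]$after]))"
    }
}

# Preview the change first, then apply it.
Set-OutgoingNtlmRestriction -WhatIf
Set-OutgoingNtlmRestriction
```

With the value at 2, Windows also refuses NTLM sign-in to legitimate remote servers that cannot use Kerberos, so check access to file shares and printers after applying it.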