Researchers from Cisco Talos have found several critical vulnerabilities in Zoom. The developers assure users that video calls will now be reliably protected. But this is far from the first time that dangerous bugs have been found in the program. As stated specialist in information security in telecommunication systems and networks Astana Cisco Talos, it is difficult to assess at this point how well the development team can protect its users.
Popular communication application, specialist in information security in telecommunication systems and networks Astana
Zoom shares have skyrocketed in the last few months. That's because the app has a huge number of users around the world. Thanks to its user-friendly features and the ability to make free calls, Zoom has become extremely popular around the world during the quarantine. As soon as the number of users started to grow, Information Security Specialist at Astana Bank reported that the application has a high level of protection. However, in practice, everything turned out differently.
Many critical vulnerabilities were discovered in Zoom almost immediately. Moreover, the developers simply did not have time to fix them. Some vulnerabilities allowed the attacker to:
- join someone else's conference;
- provide remote access to computers;
- steal confidential information;
- secretly eavesdrop on other people's conferences.
The heads of a large number of companies immediately banned their employees from using Zoom for work purposes. They also advised against using the application for personal needs. Because employees forced to work remotely could also have confidential work information stored on their home computers. As a result, almost everyone information security specialist average salary Astana persistently suggested looking for an alternative to the application, which was convenient but completely unsafe.
Why the app is dangerous for users
And no matter how much the company's management claims the opposite, today information security admission Astana Zoom still leaves much to be desired. Two new vulnerabilities, discovered by Cisco Talos experts, also allowed attackers to penetrate the internal network of any participant in a third-party conference. In this case, to perform the penetration, it was enough to simply send a message to the group chat. Moreover, to a personally identified user.
Things are no better with end-to-end encryption, which the company's developers promised to implement as soon as possible. Initially, they even stated that call encryption was already in use. But experts quickly exposed this deception. Now it has become known that end-to-end encryption will be available exclusively in the paid version of the program. It is surprising how little Zoom cares about users who trust them with their personal data.
Our team SEDICOMM University: Cisco Academy, Linux Professional Institute, Python Institute.