Express Computer
Home  »  Security  »  Hackers love to find exploits in Zoom, sell on Dark Web

Hackers love to find exploits in Zoom, sell on Dark Web

0 314

Video meet app Zoom that has gained immense popularity among the enterprises, SMBs and schools in India and elsewhere to connect remotely, has also become a treasure trove for both ethical and not-ethical hackers who have zeroed in on the video conferencing app to find privacy and security bugs and make money.

One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.

The vulnerabilities – everything from webcam or microphone security to sensitive data like passwords, emails, or device information – are being sold on the Dark Web.

However, hackers said that Zoom flaws don’t sell for high figures compared to other exploits.

With this context in mind, we have the below commentary from Flock – the leading workplace communication and collaboration platform.

According to Devashish Sharma, CTO at workplace communication and collaboration platform Flock, it is crucial for businesses to have to right security apparatus in place to avoid confidential organisational data falling into the wrong hands.

“The recent incident where hackers posted pornographic content on the user screens of video conferencing app Zoom, shows us how cybercriminals are working overtime to find vulnerabilities and steal user data. In such a situation, it is vital that communication platforms support end-to-end encryption and multi-factor authentication to avoid such untoward incidents,” Sharma said in a statement.

While Zoom has emerged as a leading teleconferencing provider during the COVID-19 pandemic, the app is marred by daily news about it being prone to hacking.

Issues that have affected its credibility is data-sharing with Facebook, exposed LinkedIn profiles, and a “malware-like” installer for macOS.

Zoom Video Communications has also been sued by one of its shareholders who alleged that the company kept some of its security flaws hidden.

The lawsuit, filed in the US District Court for the Northern District of California, alleged that Zoom failed to disclose some vulnerabilities and that the services did not provide end-to-end encryption.

Zoom has started facing criticism as reports of “Zoombombing” and other privacy issues started surfacing from different parts of the world.

Citing privacy and security concerns, Google has banned video meeting app Zoom for its employees.

According to Rafi Kretchmer, Head of Product Marketing at cyber security firm Check Point, cybercriminals will always seek to capitalize on the latest trends to try and boost the success rates of attacks, and the coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organizations.

“This has meant a significant increase in the attack surface of many organizations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organizations need to protect themselves with a holistic, end-to-end security architecture,” Kretchmer said in a statement.

This means ensuring accessible and reliable connections between corporate networks and remote devices 24/7, promoting collaboration and productivity between teams, networks and offices, and deploying robust protection against advanced threats and cybercrime techniques at all points on the enterprise network fabric.

Zoom Founder and CEO Eric Yuan has apologized for the privacy and security issues or Zoombombing being reported in his app.

The video meet app has also been slammed for the lack of users’ privacy and security by the US Federal Bureau of Investigation (FBI).

Advertisement

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
We are Live Now !

TECH SENATE-2022
REINVENTING FOR THE FUTURE
DAY-3

Join our live event and learn how to use the latest technologies to future proof your IT infrastructure.
WATCH NOW
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image