What is Zoom?
Zoom is a cloud-based communication platform with a growing user base of 13 million active users. Its chat, audio, and video conferencing capabilities have risen in popularity recently due to the coronavirus pandemic. As more people stay indoors and work from home, Zoom has become an indispensable tool for collaboration and productivity.
Last week, security researchers noticed a vulnerability in Zoom’s video conferencing software for Windows. The flaw leaves an opening for hackers to steal Windows passwords and execute commands on user devices.
How does the bug work?
To steal a user’s password, the attacker sends a URL to the victim via a chat interface. When the user clicks on the URL, Zoom momentarily exposes the user’s credentials as it downloads the file. This is the opportunity hackers could seize to capture the user’s Windows password.
Is it fixed?
Yes. Zoom released a patch for automatic download shortly after the vulnerability was revealed.
However, Zoom has several other security missteps to account for, like its lack of end-to-end encryption to protect user call data from prying eyes.
All things considered, you may want to use a different communication platform, like GoToWebinar or Skype, until Zoom can safely meet its demand. At the very least, we recommend changing your Windows password, just in case.
Should you be worried?
All things considered, this was a best-case scenario. When flaws are present in any system, you want the good guys to discover them before the bad ones do. Thus far, no accounts of an actual hack using these methods have been announced.
Unfortunately, this event highlights a growing issue that everyone should be aware of, especially those working from home. Hackers are taking advantage of the increase in remote work to spread malware, infiltrate insecure networks, and appropriate user data.
What should I do?
- Stay informed. Follow a trusted source of information regarding any software or interfaces you use. These sources can be official product websites, legitimate news organizations, or our blog and social media – follow us!
- Update your applications. Updates include important fixes that keep your network safe. Not all updates download automatically, so it’s important to regularly check your PC notifications and official software websites for the latest patches.
- Change your passwords. A rule of thumb is to change your passwords every 90 days. However, we recommend that you change your password whenever a security bug or data breach compromises a product or service you use. To learn how to create a strong password, click here.
- Stay vigilant. Remember to follow cybersecurity best practices, such as carefully scrutinizing links or attachments sent via email or chat. For our list of cybersecurity best practices, click here.
- Talk to your IT support professional. Your IT support professional SHOULD be managing situations like this for you. If they aren’t, call us at (914) 934-9775. As an IT Managed Service Provider (MSP), we proactively monitor all our clients to make sure they are protected. We know how to set up remote connections SECURELY so business owners and employees alike can work from home safely. Best of all, we have our finger on the pulse of the cybersecurity industry. If updates and patches are released, we handle their implementation for you, so you never have to think twice about whether your network is secure.
If you don’t have an IT support provider for your business, or you have any concerns about the safety of your company’s network and user credentials, feel free to contact us. We know it’s a stressful time to be a business owner, but we can make it through this together.