Hackers love to find exploits in Zoom, sell on Dark Web


Hackers love to find exploits in Zoom, sell on Dark Web
Video meet app Zoom that has gained immense popularity among the enterprises, SMBs and schools in India and elsewhere to connect remotely, has also become a treasure trove for both ethical and not-ethical hackers who have zeroed in on the video conferencing app to find privacy and security bugs and make money.
One hacker interviewed by Motherboard who claims to have traded exploits found in Zoom on the black market said that Zoom flaws typically sell for between $5,000 to $30,000.
The vulnerabilities - everything from webcam or microphone security to sensitive data like passwords, emails, or device information - are being sold on the Dark Web.
However, hackers said that Zoom flaws don't sell for high figures compared to other exploits.
With this context in mind, we have the below commentary from Flock – the leading workplace communication and collaboration platform.
According to Devashish Sharma, CTO at workplace communication and collaboration platform Flock, it is crucial for businesses to have to right security apparatus in place to avoid confidential organisational data falling into the wrong hands.
"The recent incident where hackers posted pornographic content on the user screens of video conferencing app Zoom, shows us how cybercriminals are working overtime to find vulnerabilities and steal user data. In such a situation, it is vital that communication platforms support end-to-end encryption and multi-factor authentication to avoid such untoward incidents," Sharma said in a statement.
While Zoom has emerged as a leading teleconferencing provider during the COVID-19 pandemic, the app is marred by daily news about it being prone to hacking.
Issues that have affected its credibility is data-sharing with Facebook, exposed LinkedIn profiles, and a "malware-like" installer for macOS.
Zoom Video Communications has also been sued by one of its shareholders who alleged that the company kept some of its security flaws hidden.
The lawsuit, filed in the US District Court for the Northern District of California, alleged that Zoom failed to disclose some vulnerabilities and that the services did not provide end-to-end encryption.
Zoom has started facing criticism as reports of "Zoombombing" and other privacy issues started surfacing from different parts of the world.
Citing privacy and security concerns, Google has banned video meeting app Zoom for its employees.
According to Rafi Kretchmer, Head of Product Marketing at cyber security firm Check Point, cybercriminals will always seek to capitalize on the latest trends to try and boost the success rates of attacks, and the coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organizations.
"This has meant a significant increase in the attack surface of many organizations, which is compromising their security postures. To ensure security and business continuity in this rapidly evolving situation, organizations need to protect themselves with a holistic, end-to-end security architecture," Kretchmer said in a statement.
This means ensuring accessible and reliable connections between corporate networks and remote devices 24/7, promoting collaboration and productivity between teams, networks and offices, and deploying robust protection against advanced threats and cybercrime techniques at all points on the enterprise network fabric.
Zoom Founder and CEO Eric Yuan has apologized for the privacy and security issues or Zoombombing being reported in his app.
The video meet app has also been slammed for the lack of users' privacy and security by the US Federal Bureau of Investigation (FBI).
Source: IANS