Zoom, the most widely used yet most vulnerable video conferencing app, is now affected by a new variant of attack in which an attendee uses code injection to escalate the permissions the host has granted them in a conference call. Because of the COVID-19 outbreak, Zoom has seen traffic to its websites and apps grow almost 100-fold or more, and as a result every organization, school and college that depends on the app for remote meetings is now seen moving to other options. With almost every pentester targeting the company, its product is no longer a secure place to conduct meetings. Researchers are continuously testing for the different kinds of vulnerabilities that can harm the end user's privacy or device. Zoombombing, the most widespread example, is proof that the app is not safe: anyone who has just the meeting ID can get the confidential materials shared in the meeting. But today we will not talk about an outside attacker; we will talk about clients who are part of the meeting and how much damage they can cause to it.
SOME MORE ABOUT ATTACKS
The first attack we will look at was discovered by Morphisec researchers, who said that threat actors inside a meeting can record Zoom sessions at will without the knowledge of any of the meeting participants, even when the administrator, i.e. the host of the meeting, has disabled the recording functionality for other participants. The attacker, who is a participant in the meeting, achieves this by injecting malicious code during the ongoing meeting. As soon as the malicious code is injected, it triggers the session recording. On their own screen, the attacker can see that the session is indeed being recorded, while the other participants and the host remain unaware. The attacker can also record the video of individual participants who have their webcams on. After the session ends, the malware manipulates Zoom so that the unauthorized recording of the session is delivered to a location of the attacker's choosing. The attacker now has access to a fully decrypted session that supposedly was not recorded, along with all videos that were shared. The attacker is also able to read and track the group meeting chats and can set up a log server to save them.
Another attack that has become popular is the disguise attack. Deepfake technologies have become so advanced that they can now substitute the face of any person in real time, and the result looks realistic to a certain extent. This trick was recently demonstrated by one of the experts: programmer Ali Aliyev used the open source First Order Motion Model for Image Animation. As a rule, to successfully replace a person, the algorithm needs to be "fed" several photos of the person to be impersonated. As a result, an attacker can take on the face of one of the known participants in the meeting and become a trusted member of that group.
The Zoom app has now become a potential target for all the attackers out there who want to steal sensitive information from big organizations and then either sell it on the market or use it as a tool to launch phishing attacks. Big players such as Google and NASA have all restricted the use of this app in their environments. Recently, security researchers found that some spies are able to track information with the help of Zoom. Therefore, we suggest that you:
- Switch to other video conferencing apps that have better end-to-end encryption than Zoom, such as Jitsi (open source software).
- Do not send or share any sensitive information through Zoom until the company releases a new patched update.
- Do not share meeting IDs or passwords on social media.
RSU is a security researcher who is constantly working to make the world a secure place to live. He works day and night in the cyber security area.