Zoom - recent security vulnerabilities, exploits in wild

Forums › IT Pro and developers › Zoom - recent security vulnerabilities, exploits in wild

zenourn

281 posts

Ultimate Geek
+1 received by user: 168

ID Verified

Trusted

#269709 3-Apr-2020 15:59

Zoom's popularity has obviously grown substantially in the last few weeks. However, there have been numerous recent security issues with Zoom that have been found and discussed (i.e., https://www.wired.com/story/zoom-backlash-zero-days/).

These security issues aren't purely theoretical: Today I had a case where Zoom had been locally modified to deploy a man-in-the-middle attack. This was for a technical user on MacOS and were lucky that they noticed the certificate mismatch error.

The GCSB have updated their guidelines for the use of Zoom https://www.ncsc.govt.nz/newsroom/zoom-security-advice-for-public-servants/ but these guidelines possibly don't go far enough given that there are exploits out in the wild and potential root access.

1 | 2 | 3

20515 posts

Uber Geek
+1 received by user: 4795

#2453902 3-Apr-2020 16:01

I am wondering why more aren't using facetime , which allows for multiple video chat windows too. Also doesn't skype do this which is cross platform?

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#2453921 3-Apr-2020 16:27

mattwnz:

I am wondering why more aren't using facetime , which allows for multiple video chat windows too. Also doesn't skype do this which is cross platform?

My wife's been using Zoom for her work and it just seems to work fine out of the box. Shes going to try Skype but after spending hours trying to get someone setup remotely I'm not too sure.

Regards,

Old3eyes

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2453926 3-Apr-2020 16:35

old3eyes:

mattwnz:

I am wondering why more aren't using facetime , which allows for multiple video chat windows too. Also doesn't skype do this which is cross platform?

My wife's been using Zoom for her work and it just seems to work fine out of the box. Shes going to try Skype but after spending hours trying to get someone setup remotely I'm not too sure.

Skype can be a bit of a hassle. But most people who work seem to have an ios device, whether it is an ipad or iphone or ipod, and facetime is free for as long as you want to use. it

netspanner

358 posts

Ultimate Geek
+1 received by user: 92

#2453942 3-Apr-2020 16:50

I had a random person pop into our zoom meeting yesterday, as I was teaching programming I said he could sit in if he wanted to, but he quickly got bored and started taking his clothes off. ... Right click, Remove finished him.

I had turned off passwords as I didn't want to complicate things for my students, but it turns out with them on the pw's are sent in the url, so the user doesn't have to do anything more. Just click the link like normal. Our IT guy locked the option in zoom so they are on permanently,

Zoom is such an awesome product, our staff meetings had 96 people/connections on it. It ran well well, you never noticed it. Skype, was a dog to use by comparison. It also saves meetings automatically to the cloud, which the last one was 1gig, and students can then just rewatch at their leisure.

openmedia

3449 posts

Uber Geek
+1 received by user: 877

Trusted

#2453944 3-Apr-2020 16:51

mattwnz:

I am wondering why more aren't using facetime , which allows for multiple video chat windows too. Also doesn't skype do this which is cross platform?

Facetime is an Apple specific platform. No good if you're on Windows, Linux and android.

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

Technofreak

6656 posts

Uber Geek
+1 received by user: 3474

Trusted

#2453948 3-Apr-2020 16:56

mattwnz:

Skype can be a bit of a hassle. But most people who work seem to have an ios device, whether it is an ipad or iphone or ipod, and facetime is free for as long as you want to use. it

Maybe in your world, but iOS is not that common in my work circle. Facetime is useless to the likes of me and those I work with.

Sony Xperia XA2 running Sailfish OS. https://sailfishos.org The true independent open source mobile OS
Samsung Galaxy Tab S6
Dell Inspiron 14z i5

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

Senecio

2851 posts

Uber Geek
+1 received by user: 3159

ID Verified

Lifetime subscriber

#2453956 3-Apr-2020 17:02

We use BlueJeans at our work

https://www.bluejeans.com/

Works really well but the best part are these Dolby voice devices that we have in our meetings rooms (not much use now I know). These devices are absolutely brilliant for meeting room set-ups.

https://www.bluejeans.com/products/rooms

openmedia

3449 posts

Uber Geek
+1 received by user: 877

Trusted

#2453961 3-Apr-2020 17:05

We also use BlueJeans for work, works well on Android/IOS/Mac/Windows/Linux.

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

Dial111

979 posts

Ultimate Geek
+1 received by user: 656

#2453969 3-Apr-2020 17:21

Microsoft Teams is multiplatform

frankv

5705 posts

Uber Geek
+1 received by user: 3666

Lifetime subscriber

#2453972 3-Apr-2020 17:25

mattwnz: But most people who work seem to have an ios device

I think your sampling may be skewed.

cyril7

9073 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2453975 3-Apr-2020 17:32

mattwnz:

snip..............

But most people who work seem to have an ios device, whether it is an ipad or iphone or ipod, and facetime is free for as long as you want to use. it

You are clearly living in a bubble, this is so not so.

Cyril

AliExpress

Shop now on AliExpress (affiliate link).

BlakJak

1329 posts

Uber Geek
+1 received by user: 735

Trusted

#2453986 3-Apr-2020 17:47

Zoom has great features, is user friendly, and has plenty of security features (if you turn them on).

It was conceived as an enterprise tool and it has some useful enterprise-grade features too.

They've got a history of not doing so well when it comes to the detail - like their app privacy leaks.

At the end of the day if you use a cloud service you have to trust your cloud vendor.

I know plenty who've been using Zoom for years and it's working for them. It has the advantage of having a readily-accessible free-tier which lets enterprise and non-enterprise interact, and you can also have free-tier users within an enterprise construct readily enough. This makes it simple and straightforward to set up and centrally manage.

Classic Skype seems to be suffering from lack of investment.

I wont' look at anything that's platform-proprietary (read: Facetime) but have also had some luck with Hangouts and Google Meet personally.

In the enterprise, everything's heading toward Teams for those working within a Microsoft ecosystem.

No signature to see here, move along...

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2453991 3-Apr-2020 17:47

openmedia:

mattwnz:

I am wondering why more aren't using facetime , which allows for multiple video chat windows too. Also doesn't skype do this which is cross platform?

Facetime is an Apple specific platform. No good if you're on Windows, Linux and android.

It is, but many have multiple devices on multiple platform. I use Windows, Linux, android and ios devices. Windows is rubbish I have found for videos, unless you also have a good webcam, and the cams on many laptops aren't great compared to ipads or most phones.My grandma uses ios and windows, so many people don't just stick to one platform. My point was more that facetime is free, and already installed on these devices, and if someone doesn't already have an ipad, they would know someone who has one. eg Children and older people tend to be big users.

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2453993 3-Apr-2020 17:52

frankv:
mattwnz: But most people who work seem to have an ios device

I think your sampling may be skewed.

Personally I don't know anyone that works, who doesn't have an ipad, or an iphone, or an ipod, even an older generation one, or their children has one, that could use facetime. AT least for personal use. In terms of tablets, ipads are the gold standard for the lower cost consumption tablet, and reasonably cheap, and apple doesn't really have a competitor in that market, as android tablets are now not really much of a thing, due to the lack of proper tablet apps for it..

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2453996 3-Apr-2020 17:59

Technofreak:

mattwnz:

Skype can be a bit of a hassle. But most people who work seem to have an ios device, whether it is an ipad or iphone or ipod, and facetime is free for as long as you want to use. it

Maybe in your world, but iOS is not that common in my work circle. Facetime is useless to the likes of me and those I work with.

I guess it does depend on the hardware your specific work circle and workplace uses. I am guessing some work places require their staff use work devices, rather than their own personal devices as well.

1 | 2 | 3