ZOOM: Leaking/Stealing our Information or Not

April 18, 2020
ZOOM app info leakage


Hey Readers as we all knows, Nowadays the ZOOM is emerging as a platform for video conferencing for almost whole world in the severe outbreak of COVID-19. But, it can also become a way for hackers or attackers for stealing the data of any user or company and also the government has ordered to stop teaching and meetings through this platform to prevent data. 

Recently ZOOM got out of a problematic situation in its IOS app, where it was sharing data with facebook.But, the app's privacy policies are still stealing user data automatically for the convenience of the user in terms of grouping company members or sending messages.

Also, in website or other platforms "Company Directory" setting is configured automatically when user signed up with any company's email domain.It group all the users together which signed with same domain to make searches and calls easier with colleagues,

If we signed up to ZOOM with a non-standard email domain provider (like Gmail,yahoo,etc.) then it automatically add many users to our contact list who've signed up using the similar domain name.
Since, it is adding strangers to our contact list then it can also be a way of leaking private or secret information of the company as it can also add any person that can use the company or organisational data for any malicious motive/work.

Zoom information leakage via UNC

In addition to the smartphones, Zoom can also results in leakage of information in Windows according to a Tech site "Bleeping Computer".

How it works?

As, the platform provides us a way for chatting to our colleagues. When a chat is sent to anyone, it creates a link of it which is used as an hyperlink so that the receiver can open that link by just clicking on it.
ZOOM client converts Universal Naming Convention(UNC) path into a clickable link in chat messages.When a user clicks on a UNC path link i.e., a chat message then at same time windows sent users login name and NTLM passwords which can easily be cracked by any attacker.
Zoom info leak

To fix the privacy issues to some extent in the Windows do the following: 

Go to Computer Configuration>Windows Settings>
Security Settings>Local Policies>Security Options>
Network Security:Restrict NTLM: Outgoing NTLM traffic to remote services.

To Delete a ZOOM account do the following steps:

1.Open  the ZOOM website in PC or handset and sign in to the account you want to delete. And then, 
2.Click Account Management > Account Profile. C
3.Terminate My Account.
4.Click Yes to confirm that you would like to terminate your ZOOM account. 

This will delete your ZOOM account permanently.

Tags:

Theme images by fpm. Powered by Blogger.