Get Latest Worldwide Updates and News

Security Remains A Real Concern With Real-Time Communication Tools


Be careful what sensitive information is shared on Zoom and other real-time communication apps. While these collaborative tools have helped make it easier than ever for those working remotely to stay connected, and even have shown how it isn’t necessary to get on an airplane to attend a meeting in person, there remain very valid security concerns.

Ciarán Cotter, offensive security engineer at AppOmni, explained how he discovered a vulnerability that affected Zoom Rooms—a feature that allows team members in different physical locations to work together.

“The flaw could have allowed attackers to gain invisible, unauthorized access to sensitive information contained in an organization’s Zoom tenant, including data contained in Team Chat, Whiteboards, and other Zoom applications, by predicting and claiming an auto-generated Zoom Rooms email address,” Cotter further warned.

It worked by taking advantage of how Zoom Room accounts are created—and could allow users to access confidential information contained in any Team Chat channel, beyond the current meeting chat, and persist in this access completely invisibly, and indefinitely.

“Once inside a channel, an attacker posing as a Zoom Room user could not be removed by any administrator or even the Zoom account owner,” Cotter added.

The flaw has since been addressed. Zoom removed the ability to activate the room accounts, yet it is a reminder that many of the tools that allow for easier communication can create new paths for hackers to exploit.

Zoombombing And Other Threats

It was during the pandemic, when Zoom and other platforms became a lifeline that allowed individuals to remain connected that hackers quickly found exploits. Among the most notorious was “Zoombombing,” even if it wasn’t limited just to Zoom.

“While Zoom has made progress in addressing end-to-end encryption and the notorious ‘Zoombombing’ issues, lingering doubts remain regarding the platform’s ability to provide robust security, especially in high-stakes environments,” suggested Ted Miracco, CEO of mobile security provider Approov.

Even more alarming is how artificial intelligence could further present additional concerns for users, especially as the platforms have access to so much user data.

“Zoom’s AI data collection practices should serve as a warning for users of other collaboration platforms, including Microsoft Teams and Google Meet,” Miracco added. “As organizations rush to integrate AI capabilities into their products, there’s a broader challenge of balancing competitiveness in the AI race with preserving customer trust. The scrutiny faced by Zoom highlights deep trust issues in the tech industry, and users must understand the data handling practices of any platform their organization relies on for collaboration.”

These issues are likely only to get worse, as organizations increasingly rely on social media collaboration tools for remote work. This presents a significant cyber safety risk.

“The Zoom AI data collection incidents underscore the need for heightened user and organizational awareness. Other social media platforms like Slack and Microsoft Teams also facilitate real-time communication and may expose sensitive information to AIs,” Micacco noted. “A trend where organizations, in their pursuit of AI advancements, overlook the ramifications of sharing internal confidential information on platforms managed externally is perhaps the biggest emerging privacy threat on the horizon. In the rush to embrace cloud based services we may be inadvertently losing control over our private and confidential data.”

Source link

Leave A Reply