Zoom has become one of the most popular applications for video conferencing online and being in contact with other users. It is a program that, by its very nature, needs to maintain privacy at all times. However, in this article we echo a series of vulnerabilities that can put those who use this tool at risk. It is possible that an attacker could intercept video calls.
Vulnerabilities in Zoom put privacy at risk
A group of computer security researchers at Positive Technologies has identified a total of three critical flaws affecting the Zoom platform. This affects different programs and tools such as Zoom Virtual Room Connector, Zoom Meeting Connector Controller or Zoom Recording Connector.
But, what could an attacker cause in case of exploiting these vulnerabilities? They could have intercepted Zoom videoconferences, putting users’ privacy at risk. At the end of the day, we are dealing with a type of service that requires complete security.
These vulnerabilities have been registered as CVE-2021-34414 , CVE-2021-34415 and CVE-2021-34416 . A potential attacker would have the ability to execute arbitrary code on the server through root user privileges. They have given a list of the applications that are vulnerable and that users should be careful with:
- Meeting Connector Controller up to version 4.6.348.20201217
- Meeting Connector MMR up to version 4.6.348.20201217
- Recording Connector up to version 3.8.42.20200905
- Virtual Room Connector up to version 4.4.6620.20201110
- Virtual Room Connector Load Balancer up to version 2.5.5495.20210326
The second of the vulnerabilities would allow an attacker to cause the system to crash, thereby compromising the functionality of the software and limiting the use of Zoom by affected organizations and users. In this case it affects Zoom On-Premise Meeting Connector Controller and was removed in version 4.6.358.20210205.
But there is another third vulnerability and in this case an attacker could enter certain commands. Affects:
- Meeting Connector up to version 4.6.360.20210325
- Meeting Connector MMR up to version 4.6.360.20210325
- Recording Connector up to version 3.8.44.20210326
- Virtual Room Connector up to version 4.4.6752.20210326
- Virtual Room Connector Load Balancer up to version 2.5.5495.20210326
Keep in mind that all these vulnerabilities can be exploited if an attacker manages to obtain the login credentials of a user with administrative rights.
How to avoid being a victim of this problem
So what can we do to avoid being a victim of such a problem and having our Zoom video calls compromised? The first thing is that we must always keep everything updated to the latest versions available. These vulnerabilities that we have seen have already been patched. It is essential to have everything with the corresponding patches.
Also, we have seen that they need to obtain the login credentials to exploit them. That is why it is essential to have passwords that are strong and that contain all the elements that prevent the entry of any intruder. A good key is one that is totally random and has letters (both uppercase and lowercase), numbers, and other special symbols. We can always have a password manager in mind.
On the other hand, we always recommend installing the programs from official sources. This will also help reduce the risk of potential malicious software reaching our system and compromising security and privacy.
