Cybercriminals do not look at how strong a system is to attack it, but rather its popularity. Zoom, the video calling platform that became famous in the pandemic, is proof of this.
Cybersecurity experts warn about the dangers of using and also in other popular applications and give recommendations for those who consider it as a free option to communicate during a pandemic.
Three researchers from different companies agree that users can continue to use it, as long as they make correct settings adjustments and are careful. It is not about creating a link, and now you have to take the necessary precautions when scheduling a video call.
Is it really that famous?
The Crunchbase database ensures that, in the last 30 days, Zoom has had more than 40 million downloads on different devices, indicating a monthly growth of 698%. “That popularity is a perfect call to criminals,” says David Pereira, director of cybersecurity company SecPro and a white-hat hacker ( he uses his knowledge to alert companies to security flaws rather than attack them).
In the last month, complaints have also been read about attackers who managed to sneak into conferences (class sessions and even company boards of directors), display obscene content, and take control of a team. The attack is called “zoom bombing,” and it also happens to those who have the paid version of the application, explains Cecilia Pastorino, a specialist in computer security at ESET Latin America.
Users cannot forget that it is a platform that offers good quality free calls, and in the paid version, it is still very cheap. Probably if you pay, you will find more strong programs, and although they can also be attacked.
At the time, the company apologized and released updates so that users were not vulnerable, but the problems quickly reappeared. Why? Since the platform is in the eye of the storm, hackers are quickly finding new flaws and selling them on the black market.
What you need to know
Experts point out that the problem is not the platform alone, because “there is no 100% secure system.” Their characteristics must be known to avoid being the victim of an attack. These are the most important:
1. In Zoom, meetings are generated through links, that gave it a reputation for being easy to use. Links are generated with a personal ID (it is a number that does not change). If you post that link on a social network, for example, anyone can access the meeting and know their personal ID, such as their ID number in the application.
2. By default, anyone in a conference can share their screen without permission from the creator of the video call. Hence, allegations abound that pornography suddenly appeared in a virtual room.
3. The application also allows a member of a video call to take control of the computer of a person who is sharing their screen. To access this function, you must always ask for permission.
The only way that malicious code can be installed on your computer is by accessing a link that automatically downloads a virus or by downloading an infected application. That’s why attackers are putting imitations of the app in stores. “It is not possible for a virus to be installed on my computer just by entering a video call. Not yet,” says the analyst.
What to do?
If you have the application downloaded on your cell phone and computer, make sure it is the latest version. This gives you peace of mind that errors reported in the past have been corrected. On the phone, you can check it in the app store (Google Play Store or Apple Store), there they will show you if there is a newer one than the one you have installed. A warning will appear on the computer when you log in.
It’s time to explore the settings, take time to do it:
1. Open the official website of the application in your browser. See that a padlock appears and is not a site impersonation.
2. Log in, and in the left bar, select the configuration option.
3. In the section that says “schedule meeting,” select the option that says “only authenticated users can join” or “Only authenticated users can join meetings from the Web client.” That is going to force all the people who want to join, need approval from the host.
4. Enable the option to require a password to join a meeting and change it every time you generate a new video call.
5. Disable the option to chat in the video conference and that people who want to talk, share their camera or screen share, need approval from the meeting host.
When you want to schedule a meeting, two options will appear in the meeting ID: automatically generate or personal meeting ID. Make sure it is always automatic.