This is similar to WhatsApp Web. After that, your devices will be synced, and you can start chatting from your laptop or desktop computer. Once you've installed this software, you must scan the QR code using your mobile device. Users may also be familiar with the web-browser version, which is very similar in functionality and layout. The options are reminiscent of the Android WhatsApp program. It doesn't take much time or effort to learn. For anyone familiar with WhatsApp for Android, navigation and usability will need no explanation; if you're unfamiliar with it, it's easy to learn. The options are clear and well organized. They made many mistakes along the way, like poor decisions on security-critical default configurations and using an insufficient encryption scheme. You would expect the WhatsApp interface without any frills or clutter. They were fast to react, but had they come prepared, this episode could probably have been averted. The battle between usability/functionality and security is everlasting and exists from the early stages in small startups and major corporations.

As COVID19 sky-rocketed the adoption of Zoom, they soon found out that as their platform came to the light, so did their security practices. Those issues were disclosed in coordination with Zoom, which quickly fixed them. However, another wave of criticism arose as Zoom stated that they will not be providing E2E encryption for free users, to allow FBI and police access to the calls.

After almost putting this to sleep, a couple of weeks ago Zoom suffered another blow as the Cisco Talos group published the news about two new vulnerabilities allowing an attacker to run code on the victims' machines running the Zoom client software.

Both vulnerabilities are exploitable path traversals in the way the clients handle chat messages, which can eventually lead to file writes and code execution on the victim's machine.
Last May, Zoom acquired Keybase to facilitate the security changes in their platform, and in the last months they changed their encryption algorithm to AES-256 GCM and published their plan and design for their platform's future E2E encryption. The ECB mode is a bad choice for this type of application, as details can emerge from the encrypted data, which can leak information, as you can see in the picture below. On top of that, Zoom used AES-128 encryption with ECB block mode. It was also observed that some Zoom meetings were managed by servers located in China. While Zoom claimed their platform supports end-to-end encryption, the server was responsible for generating and distributing the meeting key to all the participants, which enables any malicious actor with access to the server to completely defeat the encryption mechanisms that were in place. On the privacy front, Zoom was in the crosshairs as well. While Zoom itself did have the features in place to prevent Zoombombing or greatly reduce it, such as complex passwords or waiting rooms, in which the meeting organizer approves each participant before they are admitted to the call, those features were not enabled by default. It automatically searches online for open Zoom meetings and is said to find more than 100 new meetings every hour. According to PC Magazine, instances were observed where students were asking online to bombard their online class sessions.

A new hacking tool, called zWarDial, has also emerged. "Zoom-bombing, the phenomenon of trolls intruding into other people's meetings for the sole purpose of harassing attendees, usually by bombarding them with racist or sexually explicit images or statements" (arstechnica).

Even with passwords enabled on the call, some Zoom meetings still suffered from this, as some of the participants were sharing the access. Last March, a new phenomenon by the name "Zoombombing" emerged.
Having said that, Zoom had a very tough couple of months when it comes to the privacy and security fronts.
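The ECB weakness described above, as an added example that is not part of the original article: it encrypts a constructed two-value "frame" in ECB and in counter mode (the encryption layer inside GCM) and counts the distinct ciphertext blocks an observer sees. Assumption: a small HMAC-based Feistel permutation stands in for AES so the code runs with the standard library only; the leak comes from the mode, not from the cipher.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, the AES block size


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (NOT AES): 4-round Feistel keyed with HMAC-SHA256."""
    half = BLOCK // 2
    left, right = block[:half], block[half:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:half]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block is encrypted on its own, so equal inputs give equal outputs."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode, the encryption layer inside GCM (no authentication tag here)."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        stream = encrypt_block(key, nonce + n.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], stream))
    return bytes(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """Number of different ciphertext blocks an eavesdropper would observe."""
    return len({ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})


# Constructed sample: 64 blocks holding only two values, like flat areas of a video frame.
FRAME = (b"\x00" * BLOCK) * 40 + (b"\xff" * BLOCK) * 24


def demo() -> tuple:
    key, nonce = os.urandom(16), os.urandom(12)
    return (distinct_blocks(ecb_encrypt(key, FRAME)),
            distinct_blocks(ctr_encrypt(key, nonce, FRAME)))


if __name__ == "__main__":
    ecb, ctr = demo()
    print(f"ECB: {ecb} distinct blocks of 64; CTR: {ctr} distinct blocks of 64")
```

Under ECB the ciphertext collapses to the same two-value layout as the plaintext, which is how shapes in an image or video frame survive encryption; with a fresh nonce per message, counter mode yields 64 unrelated blocks.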