Zoom: the controversy of a somewhat confidential application

Zoom is a video conferencing application.

It facilitates collaboration between different people in the context of telework for example. Nothing extraordinary because it seems similar in a way to Skype or Microsoft Teams. Lately because of the explosion of telework and remote collaboration, Zoom has the wind in its sails. It makes the most used applications of these last moments. However, without success is also accompanied by its share of criticisms.

This article will also interest you: Microsoft listens to conversations and exchanges on Skype and Cortana

Indeed, this last moment, the application of videoconferencing is pointed out by privacy and privacy advocates. And that seems to be well founded, of course. According to the information that circulated on the subject, the application that allowed its users to connect via social media accounts such as Facebook, transmitted apartment data to them to the American entertainment giant. While the CEO of Zoom and other authorities of the firm have blamed this on a security flaw or a bug, the eternal question of confidentiality is leading this buzz.

Beyond that several vulnerabilities have been discovered on the application. According to an American hacker specializing in surveillance services. According to Patrick Wardle, these vulnerabilities are Zero Day. They mainly affect its Mac version and that this would allow any hackers familiar with the flaw to have access to the terminal. With these two important security vulnerabilities, the hacker can spy on Zoom users through the terminal microphone, but also through the webcam that he can share remotely. This would be an opportunity for the latter to take part, for example, in a videoconference or presentation meeting without being invited and to collect confidential information.

Moreover, last week it was discovered other security flaws but this time on the version of Zoom available on Windows 10. "In practical terms, the Zoom client converts URLs into a hyperlink, but also UNC (Universal Naming Convention) paths. These are used to specify the location of a resource on the LAN. By clicking on a UNC link, Windows will attempt to log in using the SMB protocol which, by default, transmits the user's user's user's ID and password. However, the hash used NTML can be picked up and deciphered by tools like Hashcat. Jacques Cheminat, a journalist, explained.

In addition, the Motherboard site had mentioned that it had discovered that due to a bug, it is impossible for a user to zoom for example to collect data (Names and First Names; Mails; photos) of good users the email address to share the same domain name.

Long criticized, zoom CEO Eric S Yuan promises to do everything possible to make the use of the telework tool smooth and transparent. With the implementation of several measures, it seeks to reassure all users and partners even if this is likely to be a challenge.

Now access an unlimited number of passwords:

Check out our hacking software