Although Zoom has been around for 10 years, its popularity has skyrocketed during the last 3 months as we all started to work from home. While Zoom’s popularity might come from its ease of use, some of its security vulnerabilities come from there too, and with its success also comes increased awareness and scrutiny.
The issue today is that Zoom was forced to admit that it is misleading users by suggesting that its service is end-to-end encrypted. “It is not possible to enable E2E encryption for Zoom video meetings,” said a Zoom spokesperson in a statement to The Intercept, after the publication revealed Zoom is using transport encryption, not end-to-end encryption.
As if that wasn’t bad enough, a malicious Zoom user could steal your Windows login and password. How, you ask? To start, Zoom automatically converts links into clickable links. Okay, so far so good, right? Well, if you paste a network path into a chat, Zoom will treat that as a link it can open as well. Clicking it gets Windows to try to log in to that network share, which sends your username and NTLM password hash. That password hash can easily be cracked using free software like Hashcat in just a few seconds.
What can you do to protect yourself?
If you are a network admin, you can disable the automatic sending of network login credentials with the group policy “Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers.” This isn’t an end-all, be-all solution, however: it can cause some issues accessing resources on some networks.
Home users can modify the “RestrictSendingNTLMTraffic” registry value under the ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0’ key and set it to 2.
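The registry change above can be checked and applied from PowerShell. This is an added example, not code from the article or from Zoom or Microsoft; the function names are hypothetical, while the key, value name and the setting 2 are the ones given above.

```powershell
# Added example (not from the article). Function names are hypothetical;
# the key path, value name and the setting 2 are the ones the article gives.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'
# Settings of "Restrict NTLM: Outgoing NTLM traffic to remote servers"
$Meaning   = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-OutgoingNtlmPolicy {
    # Returns the configured value, or $null when it has never been set
    # (Windows then applies no restriction).
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-OutgoingNtlmPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 2)][int]$Value = 2)

    $before = Get-OutgoingNtlmPolicy
    if ($before -eq $Value) {
        Write-Output "Already $Value ($($Meaning[$Value])); nothing changed."
        return
    }
    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "Set to $Value ($($Meaning[$Value]))")) {
        # HKLM is only writable from an elevated session
        $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'Run this from an elevated PowerShell session.'
        }
        New-ItemProperty -Path $LsaKey -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
        $after = Get-OutgoingNtlmPolicy
        if ($after -ne $Value) { throw "Write did not take effect (read back: $after)." }
        # Report the old value so the change can be reverted if a share stops working
        $old = if ($null -eq $before) { 'not set' } else { "$before ($($Meaning[$before]))" }
        Write-Output "Changed from $old to $after ($($Meaning[$after]))."
    }
}

# Show the current state, then preview the change without writing anything
$current = Get-OutgoingNtlmPolicy
if ($null -eq $current) { 'Current value: not set' } else { "Current value: $current ($($Meaning[$current]))" }
Set-OutgoingNtlmPolicy -Value 2 -WhatIf
```

Drop `-WhatIf` to apply the change. Passing `-Value 1` (audit only) first is one way to see which connections would be affected before denying them, given the access issues mentioned above.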
If you are currently a Zoom user you may want to look at alternatives.
By Platform De.Central | Source: Motherboard