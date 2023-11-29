Collaboration tools have helped make it easier than ever for remote workers , [+] are linked. (Photo by Sasha Steinbach/Pool/AFP) (Photo by Sasha Steinbach/Pool/AFP via Getty Images) Poole/AFP via Getty Images

Be careful what sensitive information is shared on Zoom and other real-time communication apps. However these collaboration tools have helped make it easier than ever for those working remotely to stay connected, and have even shown that getting on a plane to attend a meeting in person While not necessary, very legitimate security concerns remain.

Ciaran Cotter, offensive security engineer at AppOmni, explains how he discovered a vulnerability that affected Zoom Rooms – a feature that allows team members in different physical locations to work together.

“This flaw could allow attackers to gain invisible, unauthorized access to sensitive information contained in an organization’s Zoom tenant, including Teams chat, whiteboards, and other Zoom applications, by predicting and claiming an auto-generated Zoom Rooms email address. “Includes data present in.” Cotter further warned.

It worked by taking advantage of how Zoom room accounts are created – and could allow users to access confidential information contained in any Teams chat channel, beyond the current meeting chat, and this access could be completely can continue invisibly and indefinitely.

“Once inside a channel, an attacker posing as a Zoom room user cannot be removed by any administrator or even the Zoom account owner,” Cotter said.

The defect has since been resolved. Zoom removed the ability to activate Rooms accounts, yet it’s a reminder that many tools that allow for easy communication can create new avenues for hackers to exploit.

Zoombombing and other threats

It was during the pandemic, when Zoom and other platforms became a lifeline that allowed individuals to stay connected, that hackers quickly took advantage of it. One of the most notorious was “Zoombombing”, even though it was not limited to Zoom only.

Ted Miraco, CEO of Mobile Security, suggested, “While Zoom has made progress in addressing end-to-end encryption and the notorious ‘Zoombombing’ issues, the platform’s ability to provide strong security, especially in high-risk environments Doubts remain about.” Provider Approval.

What’s even more worrying is how artificial intelligence could create additional concerns for users, especially when platforms have access to so much user data.

Miraco said, “Zoom’s AI data collection practices should serve as a warning to users of other collaboration platforms, including Microsoft Teams and Google Meet.” “As organizations race to integrate AI capabilities into their products, there is a broader challenge of balancing competitiveness in the AI ​​race with maintaining customer trust. The scrutiny faced by Zoom is a reflection of the deep trust in the tech industry. issues, and users should understand data management practices on any platform their organization relies on for collaboration.”

These issues are likely to get worse as organizations increasingly rely on social media collaboration tools for remote work. This presents a significant cybersecurity risk.

“The Zoom AI data collection incidents underscore the need for heightened user and organizational awareness,” Mikako said. Other social media platforms like Slack and Microsoft Teams also facilitate real-time communication and expose sensitive information to AI. can do.” “A trend where organizations, in the pursuit of AI progress, overlook the implications of sharing internal confidential information on externally managed platforms is perhaps the biggest emerging privacy threat on the horizon. In our rush to adopt cloud-based services We may inadvertently lose control over our personal and confidential data.”