The pandemic has forced many businesses to evaluate the feasibility of staff working from home. While on paper it might work, line managers initially struggled to find an easy way to connect with their team. That is where video calling services like Zoom stepped in.
It quickly became the go-to application for having an online meeting. But the rise to worldwide prominence has been anything but smooth.
Other than scammers and kitten filters, a swath of security issues has plagued the platform. Zoom has fixed those issues for the most part, but a new flaw has just been discovered. And it’s bad.
Here’s what’s happening
Like other video calling services, Zoom allows you to share your screen with the participants during a meeting. Usually, only the intended screen, application, or selected area on the monitor is visible when doing so.
But security researchers at Syss Cyber Security recently discovered a flaw. It allows other users to briefly see what is not supposed to be shared. This can put personal information like banking details at risk and expose other sensitive data.
Michael Strametz and Matthias Deeg demonstrated that when somebody shares a web browser window through the “share screen” functionality, there are brief periods where other applications are visible.
If somebody were to record the meeting session, they could replay it and pause on those moments. That would expose whatever was open and unshared at the time.
“The contents of not shared application windows can, for instance, be seen for a short period of time by other users when those windows overlay the shared application window and get into focus. Depending on the unintentionally shared data, this exposure of content is a severe security issue,” the pair wrote about their discovery.
What can you do about it?
Syss Cyber Security was able to replicate the flaw on a Windows-based PC and a Linux machine. They initially reported the problem to Zoom in February. The same day Zoom acknowledged receipt of the security advisory and asked Syss Cyber Security for more details.
After a series of questions and answers, Syss Cyber Security decided to release the information to the public as Zoom hasn’t found (or released) a fix for the flaw.
What can you do about it? Well, if you must use Zoom, don’t share your screen through the single-application option. It is also a good idea to close all apps and programs before going into a meeting and make sure that nothing else is visible on your desktop.
If you want to move away from Zoom until a fix has been found, you could try Google Meet, Skype or Microsoft Teams.