Zoom Vulnerabilities? Microsoft Teams Is The Solution
The use of Zoom, the online video communication platform, has exploded in recent months due in large part to the COVID-19 pandemic. It seems like everyone wants to Zoom now, which is understandable given the significant limitations placed on socializing to combat the pandemic. Unfortunately, Zoom was never designed to be the primary communication channel of businesses, governments, and everyday people. The lack of strong security on the platform is a clear indication of Zoom’s limits. Is it convenient and relatively well-designed for the average user? Absolutely. Does it use ironclad security measures to protect users? Not really. That is why many IT professionals are encouraging their clients to use online meeting solutions like Microsoft Teams because they take security much more seriously. They must since they are targeting a business market.
Zoom Vulnerability – Stolen Passwords and Escalated Privileges
One example of Zoom’s weak security protocols is a recent vulnerability identified by researchers. This critical vulnerability allows hackers to steal your Windows login credentials – which could pose a significant problem for any user, but particularly for businesses with a lot on the line.
Like most apps today, Zoom utilizes the Universal Naming Convention (UNC) that performs the convenient task of converting URLs that you send in a chat into a clickable hyperlink. It is a great feature that makes life much easier for everyone. However, a researcher found that Zoom uses UNC in ways that can be harmful. It turns Windows networking UNC paths into hyperlinks as well. This opens the user’s Windows system to hackers because a click on the link causes Windows to send login information, particularly the NTLM password hash.
It is not just Windows users that are at risk, either. Vulnerabilities have also been exposed that affect Mac users. The module that deals with the microphone and webcam on a Mac can allow hackers to inject malicious code into the application. With that code, the hacker can access the Mac for as long as the webcam and microphone are in use.
Microsoft Teams – A Secure Alternative
Microsoft Teams is an application that is included in the Microsoft 365 service used by most businesses. It allows users to chat over video just like Zoom does, but it was designed much more carefully for security. The focus on security is not surprising, given the extensive user base Microsoft has. Fortune 500 companies are not going to be interested in a video chat solution that is highly vulnerable to hackers. Microsoft built Teams to be secure from the ground up, and given the company’s long history, it knew how to do things right from the beginning.
Microsoft has its protocol for security known as the Trustworthy Computing Security Development Lifecycle (SDL). As Teams was in development, Microsoft would create threat models and test every new feature that was added to the platform. The company stresses that it is impossible to design for every possible security threat. But it also emphasizes that it has done everything it can to keep Teams secure while still ensuring it is functional for users.
Interested in Secure Communication Solutions?
Keeping your company connected has never been more important – nor more challenging, given the current pandemic. We understand that it can be challenging to know how to stay connected with your employees, management, and others. We want you to know that we are here to help. If your business requires sophisticated communication solutions, please contact us. Our team can advise you on what solutions are best suited for your unique business and communication needs.