The video conferencing platform Zoom has been found to have a number of security weaknesses, and the government is urging users to update the platform immediately. According to an Indian Computer Emergency Response Team (CERT-In) that deals with cyber security threats, the Zoom vulnerabilities let remote attackers join a meeting without appearing to the other participants.
If successfully breached, hackers can obtain audio and video feeds of a meeting they were not authorized to attend and “cause other meeting disruptions”. They may also access sensitive company information shared during the audio or video call. The MeitY (Ministry of Electronics and Information Technology) body has categorised the threat level as ‘medium’.
Both the government and Zoom say that three vulnerabilities, dubbed CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760 affect Zoom’s On-Premise Meeting Connector MMR. The video conferencing platform explains that On-Premise deployments allow organisations to deploy meeting connector virtual machines within their internal company network. The tool lets parties host meetings on a “private cloud”. The government raised the issue on September 19, while Zoom issued the same warning on September 13.
To ensure security, the government advises users to update the latest version of Zoom on their desktops.
Meanwhile, CERT-In has also advised users to update their Google Chrome for desktop after discovering multiple vulnerabilities.
If the problem is not resolved, hackers may “bypass security constraints, execute arbitrary code, or cause denial of service conditions on the targeted system,” according to the cyber security warning.