Zoom, a video calling app that has gained popularity among people working from home during the pandemic-induced lockdown, has many vulnerabilities. There are reports that it doesn’t have end-to-end encryption and that its video calls can be hacked. Another report by Mashable says that it allows hackers to steal Windows login credentials.

BleepingComputer was the one to report the security lacunae. The site says this is possible because Zoom’s chat converts Windows networking UNC (Universal Naming Convention) paths into clickable links. If a user clicks on such a link, Windows will leak the user's Windows login name and password. Although the password is hashed, hackers can easily recover it with password recovery tools. As far as security breaches go, this vulnerability is quite easy to exploit. All it requires is for the victim to click on a link. Zoom needs to change how it handles UNC links in chat rooms.
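One way a chat client could avoid the behaviour described above, as an added example (not Zoom's code or its fix): only http(s) URLs become links, while UNC paths and `file://` URLs that name a remote host are rendered as inert text. The function name, CSS class and sample hostnames are constructed for illustration.

```python
import html
import re

# One token pattern with two branches:
#   unc: \\server\share..., the \\?\UNC\server\share long form, or a
#        file://server/share URL (Windows resolves all three over SMB)
#   web: ordinary http(s) URLs, the only thing that may become a link
# \\?\C:\... and \\.\pipe\... are local device paths and are left alone.
TOKEN_RE = re.compile(r"""(?ix)
    (?P<unc> (?: \\\\\?\\UNC\\ | \\\\(?![?.]) | file:(?://|\\\\) )
             (?P<host>[^\\/\s<>"]+) [^\s<>"]* )
  | (?P<web> https?://[^\s<>"]+ )
""")

def render_chat_message(text):
    """Return (safe_html, blocked_hosts) for one chat message."""
    out, blocked, pos = [], [], 0
    for m in TOKEN_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        token = html.escape(m.group(0))
        if m.group("unc"):
            # Never linkify: a click would make Windows authenticate to host.
            blocked.append(m.group("host").lower())
            out.append(f'<code class="unc-blocked">{token}</code>')
        else:
            out.append(f'<a href="{token}" rel="noopener noreferrer">{token}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out), blocked

# Constructed sample messages (hostnames are placeholders).
SAMPLES = [
    r"notes are at \\fileserver.example\share\notes.txt",
    r"long form \\?\UNC\fileserver.example\share\a.txt",
    "or file://FileServer.example/share/a.txt",
    "agenda: https://example.com/agenda",
    r"local path \\?\C:\Users\Public is not a network path",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        rendered, hosts = render_chat_message(msg)
        print(hosts, rendered)
```

The list of blocked hosts can also be logged, so that attempts to post such paths in chat are visible to whoever monitors the service.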

Security researchers @_g0dmode and Matthew Hickey discovered these vulnerabilities in the video-sharing app. Hackers can also use the links to launch programs on compromised users' computers, although Microsoft Windows gives a default warning before starting the program.

The security breach can be fixed in Windows settings. Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set it to "Deny all".

Zoom has been having security issues on and off with its app. Recently, it was reported that it does not have end-to-end encryption of its calls, despite its claims to the contrary. Zoom’s iOS app also randomly sends information to Facebook. The app has revealed users’ photos and emails to unrelated accounts.

Just days ago, users complained to the Federal Bureau of Investigation (FBI) that their meetings were being interrupted by porn clips. New York Attorney General Letitia James took cognizance and sent a letter to the California-based company questioning its security protocols. The FBI’s Boston office received many complaints about conferences being disrupted by pornographic and/or hate images and threatening language.

The letter asked a number of questions about the steps the company was taking to ensure users’ privacy and security, said a spokesperson for the AG. The spokesperson gave an assurance that they were working with the company to resolve the issue.

The FBI said that there were instances of online classes being disrupted by these hackers with messages and images. Most schools have resorted to online classes due to the virus pandemic, which has shut down all activities and group gatherings. A Massachusetts high school reported that an unidentified individual got into its virtual classroom, abused the teacher and then shouted the teacher’s home address. Another classroom reported a man with a swastika appearing on screen during class lessons.

The FBI has recommended that all chat rooms go private and not screen-share, to avoid being interrupted by unwanted messages. Many such incidents of hate and porn are circulating on social media platforms under the hashtag “zoombombed”. Zoom, in a statement to AFP regarding the security breaches, said it “takes its users’ privacy, security, and trust extremely seriously.”

“During the COVID-19 pandemic, we are working around-the-clock to ensure that hospitals, universities, schools, and other businesses across the world can stay connected and operational,” a spokesperson told AFP. “We appreciate the New York Attorney General’s engagement on these issues and are happy to provide her with the requested information.”

The COVID-19 pandemic has forced many companies to opt for the work-from-home option to keep their offices working. This led to a surge in the usage of video conferencing and office sharing apps. Research firm Sensor Tower says that Zoom saw a 252 per cent (4.2 million) uptick in downloads in the week of March 16. It increased to seven million downloads by end-March.