CERT-In Warns Users Against Multiple Vulnerabilities In Zoom

CERT-In Warns Users Against Multiple Vulnerabilities In Zoom

SUMMARY

One of the vulnerability allowed an unauthorised remote attacker to join a Zoom meeting without appearing to other participants

Another vulnerability allowed the remote hacker to obtain the audio and video feed of a meeting they were not authorised to join

CERT-In has advised users to update to the latest version of the video conferencing software to avoid any issues

The Indian Computer Emergency Response Team (CERT-In) has identified a host of vulnerabilities in video conferencing platform Zoom.

According to the cybersecurity watchdog, one of the vulnerabilities could allow an unauthorised remote attacker to join a Zoom meeting without appearing to other participants in the video chat. 

“These vulnerabilities exist due to improper access control implementation. A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants or obtain the audio and video feed of a meeting they were not authorised to join and cause other meeting disruptions,” said a CERT-In’s advisory.

The advisory further added that the identified issues in Zoom products could allow a remote authenticated user to bypass implemented security restrictions on the targeted system.

The cybersecurity watchdog has advised users to update to the latest version of the video conferencing software to subvert any prospective issues. 

Tagged ‘Medium’ on the severity rating, the exposure has been dubbed as CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760, and have been attributed to improper access control implementation.

In addition, the Indian cybersecurity watchdog also issued a warning against vulnerabilities in Lenovo products such as desktops, laptops, server-related offering ThinkPad, workstation series ThinkStation, among others. 

CERT-In is India’s national nodal agency tasked with disseminating information regarding cybersecurity incidents, to deploy measures in the event of an emergency, among other functions. 

Zoom Vs Indian Govt

This is not the first time that the video conferencing platform has landed in a soup in India. Back in 2020, the firm suffered a major data leak after it emerged that login details of more 5 Mn Zoom users were being sold on dark web for as little as a pence.

Close on the heels of that, the Indian government had issued an advisory terming the platform altogether ‘unsafe.’ 

Later, the firm was again marred by controversy amid rumours that Zoom was a Chinese company. This happened in 2020 at the height of geopolitical hostilities between India and China. Such was the impact that the company had to come out and clarify that it was a publicly traded company based out of San Jose, California. 

It has, previously, also faced boycott calls from the Confederation of All India Traders (CAIT) that had urged traders and trade associations to boycott the ‘Chinese product.’

Just last week, Zoom suffered a major outage that prevented users from starting or joining meetings. Even 2020 had its fair share of outages that knocked off businesses for many companies and rendered its clients in a limbo.

The Indian Cybersecurity Nightmare

This comes days after the infamous SOVA Android Trojan malware re-emerged on the horizon with newer capabilities that appeared to be targeting Indian banking customers.

In August, CERT-In issued a ‘High’ level advisory that warned users about vulnerabilities in Google Chrome browser that allow hackers to bypass security systems on computers. 

This adds to the growing headache for the Indian cybersecurity apparatus which has been pummelled by a flurry of such attacks in the last few months. Earlier this year, Minister of State Chandrasekhar informed the Parliament that more than 6.74 Lakh cybersecurity incidents were reported in the first six months of 2022. 

Late last month, a top Google executive noted that the country witnessed more than 18 Mn cyberattacks and 2 Lakh threats per day in the first quarter of the year. 

This comes amidst growing incidents of cyberattacks in the country. In August, airline Akasa Air publicly apologised after it emerged that a ‘temporary technical configuration error related to their login and sign-up service’ had led to unauthorised persons viewing personal details of users. 

In July, fintech player Policybazaar’s IT systems were subjected to ‘illegal and unauthorised‘ access. In the same month, the Securities and Exchange Board of India (SEBI) also filed an FIR after it emerged that the market watchdog was hit by a cyberattack involving its email system.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

CERT-In Warns Users Against Multiple Vulnerabilities In Zoom-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

CERT-In Warns Users Against Multiple Vulnerabilities In Zoom-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

CERT-In Warns Users Against Multiple Vulnerabilities In Zoom-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

CERT-In Warns Users Against Multiple Vulnerabilities In Zoom-Inc42 Media
CERT-In Warns Users Against Multiple Vulnerabilities In Zoom-Inc42 Media
You’re in Good company