Accordingly, until April 14, Vietnam Cybersecurity Emergency Response Team (VNCERT), a member of the Authority of Information Security (AIS), has received report of more than 500,000 Zoom accounts being leaked, leading to the exposure of sensitive user information such as email addresses, passwords, meeting URLs and corresponding passwords.
Deputy Director of AIS Nguyen Khac Lich commented that Zoom is a favorable choice of many people for their online classes, teleworking, and online conferences
However, this application does have certain serious security vulnerabilities like weak data encryption, easy meeting ID detection, Universal Naming Convention (UNC) link weakness.
Since the beginning of this year, many of Zoom’s security vulnerabilities have been announced, some of which like CVE-2020-11500, CVE-2020-11469, CVE-2020-11470 still have not been successfully dealt with yet. Via these exposures, hackers are able to illegally access meetings to record confidential information and distribute unhealthy content directly to users’ computer.
Therefore, AIS warns that state offices and units should not continue using Zoom application to hold future conferences. Businesses, organizations, and individuals are suggested to caution against Zoom for their online classes, discussions, or meetings.
Other applications with the same functions developed by domestic prestigious enterprises like Viettel, VNPT, MobiFone, FPT, VNG, or CMC are more highly recommended.
As to businesses providing e-learning and e-conference services, AIS asks that they have to ensure strong cyber security and organize a technical emergency team to timely respond to any feedback of their clients.
Users of these services are advised to download applications from reliable official sources and frequently update to the latest version while being careful when sharing meetings’ basic information (ID and password) to avoid being taken advantage of.
A strict security setting, including complicated password, participant approval, screen sharing management, and meeting content saving limitations, is also recommended for all online meetings.
Finally, AIS suggests that Zoom users immediately improve the complexity of their account password. In case of a suspected information leak, users are asked to report to AIS, the Ministry of Information and Communications, or related state units at once to timely handle the situation, avoiding further negative consequences.