{"id":844,"date":"2022-01-24T12:00:00","date_gmt":"2022-01-24T19:00:00","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=844"},"modified":"2022-01-24T09:41:40","modified_gmt":"2022-01-24T16:41:40","slug":"zoom-university-a-plea-for-open-source","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/01\/24\/zoom-university-a-plea-for-open-source\/","title":{"rendered":"Zoom University – A Plea For Open Source"},"content":{"rendered":"\n

Since the beginning of the pandemic, everyone with access to the internet has probably become increasingly aware of a desktop (and mobile) application named zoom. No matter who you are, with everything moving to work from home, you’ve probably experienced it in one way or another, or at least a service very similar. Despite it’s popularity, the video conferencing app hasn’t been without issue, in fact, it has a past littered with them<\/a>[1]<\/sub>. <\/p>\n\n\n\n

These past security issues however, are not what I want to focus on. More recently, Google Project Zero, Google’s team dedicated to find and report on zero-day vulnerabilities reported on a recently patched (thankfully) security issue<\/a>[2]<\/sub> within the Zoom app. According to the article, one of these exploits included a zero click attack. <\/p>\n\n\n\n

What Exactly is a Zero-Click Attack?<\/strong><\/p>\n\n\n\n

\n
\n
\"Types
Phishing Image From SiteLock[4]<\/sub>
An example of an attack that requires some sort of user input (or click)<\/figcaption><\/figure><\/div>\n\n\n\n

For starters, it is probably useful to define exactly what a zero click attack is. In the case of most modern “hacks” some sort of social engineering is used. You’re tricked into clicking a link in a phishing scam, or something of that variety. If you’re wary of what you do and don’t click, you’ll be aware that you’re a target, zero-click attacks don’t work this way. In fact, for the average user there is no way to tell that you are being targeted at all. According to an article from How-To Geek<\/a>[3]<\/sub> “These attacks don’t often leave much of a trace behind… And the more complex the app is the more room exists for zero-click exploits,” and this is exactly what makes Zoom so vulnerable to these types of attacks. In the modern world, your data and information is becoming increasingly valuable, and people will pay absurd amounts of money to get their hands on it. <\/p>\n<\/div>\n<\/div>\n\n\n\n


<\/p>\n\n\n\n

Why Should We Care?<\/strong><\/p>\n\n\n\n

With the exploit supposedly fixed according to Zoom themselves, and further corroborated by Natalie Silvanovich at Project Zero who wrote[2]<\/sub> “while I had success with portions of the exploit, I was not able to get it working,” why exactly should we care about this any longer. The issue is fixed, right? Not necessarily. Since it’s rise to dominance in the sphere of online video conferencing software, Zoom has caught flack from security professionals from around the world due to the fact that their client is not Open-Source. You can’t just go look at Zoom’s security features yourself, and in-fact if you wish to get a license to do so, it is reportedly exceedingly expensive[2]<\/sub>. Whilst you may think this seems safer, their software isn’t accessible by just anyone so hackers can’t get to it, it simply makes it harder for people to evaluate it. While open source platforms may not be perfect, they tend to at least have the discernable advantage of known<\/em> security issues.
<\/p>\n\n\n\n

At the end of the day, this is my main qualm with Zoom as it is. I’m a university student. I do not have the money to license a piece of security software to delve into it, and even then it’s entirely possible I wouldn’t be able to find out much. Open source technologies allow anyone, you, me, whoever to delve into them as far as we wish, to see what we are really and truly exposing ourselves to, and to decide whether that is a risk we are willing to take. Obviously, nothing is perfect, but at the end of the day, I’d much rather know there are potential flaws and data mining techniques that I’m being exposed to. With Zoom in its current state, there is no way to guarantee that. It could be littered with undiscovered flaws simply waiting to be taken advantage of and the user would be none the wiser. Is this truly something we all want to be using on a daily basis, even if just to attend classes?

<\/p>\n\n\n\n

References<\/strong><\/p>\n\n\n\n

[1] https:\/\/www.tomsguide.com\/news\/zoom-security-privacy-woes Tom’s Guide , Paul Wagenseil, December 7th, 2021
[2] https:\/\/googleprojectzero.blogspot.com\/2022\/01\/zooming-in-on-zero-click-exploits.html Google Project Zero, Natalie Silvanovich, January 18th, 2022
[3] https:\/\/www.howtogeek.com\/763142\/what-is-a-zero-click-attack\/ How-To Geek, John Bogna, October 26, 2021
[4] https:\/\/www.sitelock.com\/blog\/social-engineering-attacks\/ Image reference, March 31, 2021<\/p>\n","protected":false},"excerpt":{"rendered":"

Since the beginning of the pandemic, everyone with access to the internet has probably become increasingly aware of a desktop (and mobile) application named zoom. No matter who you are, with everything moving to work from home, you’ve probably experienced it in one way or another, or at least a service very similar. Despite it’s … <\/p>\n

Continue reading “Zoom University – A Plea For Open Source”<\/span><\/a><\/p>\n","protected":false},"author":333,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-844","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Ben Foster","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/ben-foster\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/333"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=844"}],"version-history":[{"count":6,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/844\/revisions"}],"predecessor-version":[{"id":897,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/844\/revisions\/897"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}