NCC alerts Zoom users about software that creates vulnerabilities
By Jeph Ajobaju, Chief Copy Editor
Zoom users have been advised by the Computer Security Incident Response Team (CSIRT) of the Nigerian Communications Commission (NCC) to install the latest update of the software from the platform’s official website following discovery of vulnerabilities that allow a remote attacker to exploit the app.
A CSIRT advisory reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in Zoom products.
It warned that a remote attacker could exploit the vulnerabilities to circumvent security measures and cause a denial of service on the targeted machine.
“These vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.
“A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees,” the advisory said, according to Nairametrics reporting.
“They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.
“Successful exploit of these vulnerabilities could allow an unauthorised remote authenticated user to bypass implemented security limitations on the targeted system.”
Background
Zoom, a videotelephony platform, became popular for virtual meetings with more than 300 million daily users during the coronavirus pandemic.
CSIRT is the telecom sector’s cyber security incident centre, set up by the NCC to focus on incidents as they may affect telecoms consumers and citizens at large, per Nairametrics.
CSIRT also collaborates with the Nigeria Computer Emergency Response Team (ngCERT), established by the federal government to reduce the volume of future computer risk incidents.
It does this by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, problems, and related events.
NCC alerts car owners to wireless unlocking, theft of vehicles
Owners of vehicles, especially cars, have also been alerted by the NCC that a cyber vulnerability now enables nearby hackers to unlock cars, start the engines wirelessly, and steal cars.
“The fact that car remotes are categorised short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car,” NCC Director Public Affairs Ikechukwu Adinde said.
“According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the Cybersecurity Centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.
“With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.
“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.
“The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.”