Popular teleconferencing platform Zoom is the latest tech company with a security flaw. A new research report has exposed a vulnerability that could offer access to video calls made on the platform.
— The Verge (@verge) January 28, 2020
Hackers Could Guess Meeting IDs and Join Calls
The report was compiled by the cybersecurity firm Check Point Research. The firm explained that all the video calls have an inherent flaw that could allow hackers to join calls without being invited and also access any files or information that is being shared throughout the call.
Every call made on Zoom has a number, between 9 and 11 digits long, that is randomly generated and used as an address for participants. Check Point’s researchers were able to predict valid meetings about 4 percent of the time, Yanks Balmas, the Head of Cyber Research at Check Point, explained in the report.
“It was sort of like Zoom roulette. The implications would be, if you’re having a video chat and have multiple members joining, you may not notice if someone who isn’t supposed to be there is sitting there listening to you,” he explained.
Since a Zoom call can accommodate tens of thousands of participants with limited screening measures, attackers could easily sneak into calls and eavesdrop on the entire conversation.
Zoom’s Mitigation Steps
Check Point explained that after reporting the issue to Zoom Communications, the firm replaced the randomized ID number, added passwords for meetings and disabled the ability to scan for meetings randomly.
Going forward, Zoom will also stop showing the validity of a meeting ID whenever a user loads a page. Instead, the page will load and launch an attempt to join the meeting, thus preventing hackers from easily moving through the available pool of meeting IDs. Repeated attempts to scan for IDs will also lead to the device itself being temporarily blocked from the service.
The news is coming on the heels of a recently announced update to the Zoom Phone. The cloud-calling platform was introduced last April by the firm, and in the new update, it added improved contact center integration and expanded on phones using 5G Moto Mod, and the Samsung Galaxy S10 series.
Images are courtesy of Shutterstock, Twitter, Pixabay.