Video communications company Zoom has introduced a series of patches after it was revealed that a security flaw easily allowed potential hackers to join and eavesdrop on video meetings without an invitation.
Software and cybersecurity company Check Point Research announced Tuesday that Zoom has introduced “a number of mitigations” to strengthen its video and audio conferencing platform’s security after the research group identified a major privacy issue.
To test out an infiltrator’s ability to access an active meeting, Check Point researchers automated the process of guessing random 9-, 10- and 11-digit Zoom Meeting IDs and managed to “predict ~4% of randomly generated Meeting IDs.”
While there is a “require meeting password” option, it is not always selected by users of Zoom, which include Uber, Delta Air Lines, 60% of Fortune 500 companies and 96% of the top 200 US colleges and universities, reported The Hill.
With Zoom being utilized by such large organizations, meetings sometimes comprise thousands of people and are not necessarily being routinely monitored by the conference creators.
After identifying the glaring vulnerability, Check Point contacted Zoom in July 2019 and proposed a number of mitigations, including a restructuring of its Meeting ID algorithm, replacing the randomization function of the IDs and forcing hosts of meetings to create a password, PIN or similar type of verification.
“We didn’t look at [other similar platforms], but what we found here is a shout out to them,” Balmas said. “You must look out for these kinds of things, for ways that unauthorized users can gain access, for any application that has access to your microphone or camera.”
Sourse: sputniknews.com
0.00 (0%) 0 votes
