Zoom vulnerability would have allowed hackers to eavesdrop on calls

From The Verge: Cybersecurity research company Check Point Research says in a report out today that it found security flaws in videoconferencing platform Zoom that would have allowed a potential hacker to join a video meeting uninvited and listen in, potentially accessing any files or information shared during the meeting. While Zoom has addressed the issue, the report raises deeper concerns about the safety of videoconferencing apps that require access to microphones and cameras.

Each Zoom call has a randomly generated ID number between 9 and 11 digits long that’s used by participants as a kind of address to locate and join a specific call. Check Point researchers found a way to predict which were valid meetings about 4 percent of the time, and they were able to join some, says Yaniv Balmas, Check Point’s head of cyber research. (They didn’t dive into the meetings themselves, Balmas stressed. Rather, they ended the calls at the “waiting room” screens.)

“It was sort of like Zoom roulette,” Balmas told The Verge. “The implications would be, if you’re having a video chat and have multiple members joining, you may not notice if someone who isn’t supposed to be there is sitting there listening to you.”

Since Zoom conference calls can accommodate “tens of thousands” of participants in one meeting, according to the company’s May IPO, it would not be hard for an attacker to sneak into a Zoom call unannounced if there were no screening measures in place.
