Check Point Research Found Vulnerabilities in Zoom Video Communications


Enterprise & IT, Jan 28, 2020


Cyber security firm Check Point Research identified a technique that would have allowed a threat actor to identify and join active meetings of people who use tools and technology by Zoom Video Communications.

Zoom is a leader in modern enterprise video communications. It provides an easy cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems.

Check Point Research posted the details of the vulnerabilities online and also disclosed them to Zoom. In response, Zoom introduced a number of mitigations, so this attack is no longer possible.

Zoom Meeting IDs are composed of 9, 10 or 11 digits. The problem was that if you hadn't enabled the "Require meeting password" option or enabled Waiting Room, which lets the host admit participants manually, these 9, 10 or 11 digits were the only thing that secured your meeting, i.e. prevented an unauthorized person from connecting to it.

The security researchers were able to predict ~4% of randomly generated meeting IDs, which is a very high chance of success.

Check Point Research contacted Zoom in July 2019 as part of a responsible disclosure process and proposed the following mitigations:

  • Re-implement the generation algorithm of Meeting IDs.
  • Replace the randomization function with a cryptographically strong one.
  • Increase the number of digits/symbols in the Meeting IDs.
  • Force hosts to use passwords/PINs/SSO for authorization purposes.

Zoom representatives responded quickly. Below is the list of changes that were introduced to the Zoom client/infrastructure following the disclosure:

  • Passwords are added by default to all future scheduled meetings.
  • Users are able to add a password to already-scheduled future meetings and received instructions by email on how to do so.
  • Password settings are enforceable at the account level and group level by the account admin.
  • Zoom will no longer automatically indicate if a meeting ID is valid or invalid. For each attempt, the page will load and attempt to join the meeting. Thus, a bad actor will not be able to quickly narrow the pool of meetings to attempt to join.
  • Repeated attempts to scan for meeting IDs will cause a device to be blocked for a period of time.
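
The sketch below is an added example, not Zoom's code and not part of the original article. It combines three of the mitigations listed above on a hypothetical join endpoint: meeting IDs drawn from a cryptographically strong generator, one identical reply for "no such meeting" and "wrong password", and a temporary block for a device that keeps failing. The class name, thresholds and reply strings are assumptions.

```python
import secrets
import time

# Thresholds are illustrative assumptions, not Zoom's values.
MAX_FAILURES = 5      # failed joins tolerated per device inside the window
WINDOW_SECONDS = 60
BLOCK_SECONDS = 300


def new_meeting_id(digits=11):
    """Draw an ID of the given length uniformly from the OS CSPRNG."""
    low = 10 ** (digits - 1)
    return str(low + secrets.randbelow(9 * low))


class JoinGate:
    """Hypothetical join endpoint: uniform failure reply plus device lockout."""

    def __init__(self, meetings, clock=time.monotonic):
        self.meetings = meetings      # meeting_id -> password
        self.clock = clock
        self.failures = {}            # device_id -> recent failure timestamps
        self.blocked_until = {}       # device_id -> unblock time

    def try_join(self, device_id, meeting_id, password):
        now = self.clock()
        if self.blocked_until.get(device_id, 0) > now:
            return "blocked"
        expected = self.meetings.get(meeting_id)
        # Always run the comparison so unknown IDs take the same code path.
        match = secrets.compare_digest((expected or "").encode(), password.encode())
        if expected is not None and match:
            return "joined"
        recent = [t for t in self.failures.get(device_id, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[device_id] = recent
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[device_id] = now + BLOCK_SECONDS
        # Same reply for "no such meeting" and "wrong password": the endpoint
        # gives a scanner no signal about which IDs exist.
        return "unable to join"
```

A successful join deliberately does not clear the failure history, so a device cannot reset its counter by joining a meeting it legitimately knows.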

Tags: Cybersecurity, Zoom Video Communications