Breaking News

Shuttle announces DN11H at InfoComm 2025 Crucial announces T710 PCIe Gen5 NVMe SSD and X10 Portable SSD LIAN LI Presents Prototype Cases, AIO, and PSU Series at Computex 2025 CORSAIR at Computex 2025 ENDORFY introduces Celeris 1800 keyboard

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Check Point Research Found Vulnerabilities in Zoom Video Communications

Check Point Research Found Vulnerabilities in Zoom Video Communications

Enterprise & IT Jan 28,2020 0

Check Point Research Found Vulnerabilities in Zoom Video

Cyber security firm Check Point Research identified a technique which would have allowed a threat actor to potentially identify and join active meetings of people that use tools and technology by Zoom Video Communications.

Zoom is a leader in modern enterprise video communications, it provides an easy cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems.

Check Point Research posted the details of the vulnerabilities online, and were also disclosed to Zoom. In response, Zoom introduced a number of mitigations, so this attack is no longer possible.

Zoom Meeting IDs are composed of 9, 10 or 11 digits. The problem was that if you hadn’t enabled the “Require meeting password” option or enabled Waiting Room, which allows manual participants admission, these 9-10-11 digits were the only thing that secured your meeting i.e. prevented an unauthorized person from connecting to it.

The security researchers were able to predict ~4% of randomly generated meeting IDs, which is very high chance of success.

Check Point Research contacted Zoom in July 2019 as part of a responsible disclosure process and proposed the following mitigations:

  • Re-implement the generation algorithm of Meeting IDs
  • Replace the randomization function with a cryptographically strong one.
  • Increase the number of digits\symbols in the Meeting IDs.
  • Force hosts to use passwords\PINs\SSO for authorization purposes

Zoom representatives responded quickly and below is the list of changes that were introduced to the Zoom client\infrastructure following the disclosure:

  • Passwords are added by default to all future scheduled meetings.
  • Users can able to add a password to already-scheduled future meetings and received instructions by email on how to do so.
  • Password settings are enforceable at the account level and group level by the account admin.
  • Zoom will no longer automatically indicate if a meeting ID is valid or invalid. For each attempt, the page will load and attempt to join the meeting. Thus, a bad actor will not be able to quickly narrow the pool of meetings to attempt to join.
  • Repeated attempts to scan for meeting IDs will cause a device to be blocked for a period of time.

Tags: CybersecurityZoom Video Communications
Previous Post
SiPearl Company Established to Bringing to Life the Custom Microprocessor for the European exascale Supercomputers
Next Post
Facebook Makes Off-Facebook Activity Tool Available

Related Posts

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Zoom 5.0 Raises Encryption Level

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

Latest News

Shuttle announces DN11H at InfoComm 2025
Enterprise & IT

Shuttle announces DN11H at InfoComm 2025

Crucial announces T710 PCIe Gen5 NVMe SSD and X10 Portable SSD
Enterprise & IT

Crucial announces T710 PCIe Gen5 NVMe SSD and X10 Portable SSD

LIAN LI Presents Prototype Cases, AIO, and PSU Series at Computex 2025
Cooling Systems

LIAN LI Presents Prototype Cases, AIO, and PSU Series at Computex 2025

CORSAIR at Computex 2025
Cooling Systems

CORSAIR at Computex 2025

ENDORFY introduces Celeris 1800 keyboard
PC components

ENDORFY introduces Celeris 1800 keyboard

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Dark Rock 5

be quiet! Dark Rock 5

G.skill Trident Z5 Neo RGB DDR5-6000 64GB CL30

G.skill Trident Z5 Neo RGB DDR5-6000 64GB CL30

Arctic Liquid Freezer III 420 - 360

Arctic Liquid Freezer III 420 - 360

Crucial Pro OC 32GB DDR5-6000 CL36 White

Crucial Pro OC 32GB DDR5-6000 CL36 White

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed