Chailytko writes that the researchers created URL strings with possible meeting IDs, and then they were able to check those against Zoom’s systems to figure out which ones were legitimate. Another is a feature that allows an administrator to manually approve people who are joining a call.Ĭheck Point explored whether it was possible to generate large numbers of valid meeting IDs. One such defense is requiring participants to enter a password. Knowing the meeting ID is enough to join a call, unless a couple of defenses get enabled. The flaw was due, in part, to an attacker potentially being able to guess a valid Zoom meeting ID, according to Alexander Chailytko, a research and innovation manager at Check Point, who notes that all Zoom meeting IDs have nine to 11 digits. Zoom adds: "We thank the Check Point team for sharing their research and collaborating with us.” Guessing Meeting IDs Zoom says it fixed the flaws found by Check Point in August 2019, and that it has “continued to add additional features and functionalities to further strengthen our platform." Poorly secured systems can give hackers remote access to microphones and video cameras, including in board rooms, resulting in the exposure of sensitive or confidential information. Vulnerabilities in conferencing software are notable because of the pervasiveness of such systems in businesses. See Also: OnDemand Webinar | Learn Why CISOs Are Embracing These Top ASM Use Cases Now The attack, however, is no longer possible thanks to Zoom having put mitigations in place. The vulnerability was found by Check Point Software Technologies, which published its findings. ![]() ![]() Zoom Video Communications has fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a Zoom meeting ID and join a conference call.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |