06:35 GMT26 February 2020

    Video communications company Zoom has introduced a series of patches after it was revealed that a security flaw easily allowed potential hackers to join and eavesdrop on video meetings without an invitation.

    Software and cybersecurity company Check Point Research announced Tuesday that Zoom has introduced “a number of mitigations” to strengthen its video and audio conferencing platform’s security after the research group identified a major privacy issue.

    According to the cybersecurity research company’s release, a video conference could be joined by a random user without a direct invitation simply by manually entering a Zoom Meeting ID, which is a 9-, 10- or 11-digit number corresponding to a given conference.

    To test out an infiltrator’s ability to access an active meeting, Check Point researchers automated the process of guessing random 9-, 10- and 11-digit Zoom Meeting IDs and managed to “predict ~4% of randomly generated Meeting IDs.”

    While there is a “require meeting password” option, it is not always selected by users of Zoom, which include Uber, Delta Air Lines, 60% of Fortune 500 companies and 96% of the top 200 US colleges and universities, reported The Hill.

    With Zoom being utilized by such large organizations, meetings sometimes comprise thousands of people and are not necessarily being routinely monitored by the conference creators.

    “It was sort of like Zoom roulette,” Yaniv Balmas, head of cyber research at Check Point, told The Verge earlier this week. “The implications would be, if you’re having a video chat and have multiple members joining, you may not notice if someone who isn’t supposed to be there is sitting there listening to you.”

    After identifying the glaring vulnerability, Check Point contacted Zoom in July 2019 and proposed a number of mitigations, including a restructuring of its Meeting ID algorithm, replacing the randomization function of the IDs and forcing hosts of meetings to create a password, PIN or similar type of verification.

    “We didn’t look at [other similar platforms], but what we found here is a shout out to them,” Balmas said. “You must look out for these kinds of things, for ways that unauthorized users can gain access, for any application that has access to your microphone or camera.”
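The mitigations Check Point proposed (unpredictable Meeting IDs, a mandatory password and limits on repeated guessing) can be sketched from the service side. This is an added example, not Zoom's or Check Point's code: the class name, thresholds and password format are assumptions, and returning the same answer for an unknown ID and a wrong password is a design choice made here so that a failed attempt reveals nothing about which IDs exist.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

ID_DIGITS = 11    # longest Meeting ID length mentioned in the article
MAX_MISSES = 5    # assumed: failed joins allowed per client per window
WINDOW = 60.0     # assumed: throttle window in seconds


class MeetingRegistry:
    """Hypothetical join gate: CSPRNG IDs, mandatory password, miss throttling."""

    def __init__(self, clock=time.monotonic):
        self._meetings = {}                  # meeting_id -> password
        self._misses = defaultdict(deque)    # client -> timestamps of failures
        self._clock = clock

    def create(self):
        # IDs come from the OS CSPRNG, so earlier IDs do not help predict later ones.
        while True:
            mid = "".join(secrets.choice("0123456789") for _ in range(ID_DIGITS))
            if mid not in self._meetings:
                break
        password = secrets.token_urlsafe(8)  # every meeting gets a password
        self._meetings[mid] = password
        return mid, password

    def _blocked(self, client):
        now = self._clock()
        misses = self._misses[client]
        while misses and now - misses[0] > WINDOW:
            misses.popleft()                 # forget failures outside the window
        return len(misses) >= MAX_MISSES

    def join(self, client, meeting_id, password):
        if self._blocked(client):
            return "blocked"
        expected = self._meetings.get(meeting_id)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if not ok:
            # Unknown ID and wrong password are indistinguishable to the caller.
            self._misses[client].append(self._clock())
            return "denied"
        return "joined"
```

In a real deployment the `client` key would be an account, device or network identifier, and blocked clients would be logged for review by the security team.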
