Vulnerability in calling app Zoom allowed eavesdropping on random conversations


Video conferencing software Zoom had a vulnerability that allowed an outsider to enter random conversations and watch and listen in. The attacker had to generate Meeting IDs at random and could join a meeting whenever one of them turned out to be valid.

The discovery was made by security company Check Point. Randomly generating a Zoom Meeting ID provided access to four percent of ongoing meetings, according to Check Point on its blog. However, that did not guarantee that an attacker could also listen in. There is the option to put a password on a meeting and the waiting room function makes it possible to manually admit or reject participants. But if these measures were not enabled, an attacker would have access.

In response to the findings, Zoom has made the Meeting ID generation algorithm more complex, extended the IDs, and now forces a host to choose and use a security layer. The findings were disclosed to Zoom in July 2019. It is not clear whether the vulnerability has been exploited. According to The Verge, the fix arrived in August. The site also writes that attempts to brute force a Meeting ID now time out after several attempts.
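The timeout on repeated Meeting ID guesses can be pictured with the following sketch, an added example that is not Zoom's code. The threshold, window and lockout length are assumptions (the article only says "several attempts"), and the Meeting IDs, addresses and events are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold; the article only says "several attempts"
WINDOW_SECONDS = 60    # assumed sliding window for counting failed lookups
LOCKOUT_SECONDS = 300  # assumed length of the timeout

class JoinThrottle:
    """Times out a source that keeps asking for Meeting IDs that do not exist."""

    def __init__(self, valid_ids):
        self.valid_ids = set(valid_ids)
        self.failures = defaultdict(deque)  # source -> times of recent failed lookups
        self.locked_until = {}              # source -> time the lockout ends

    def attempt(self, source, meeting_id, now):
        # Check the lockout first, so a correct guess made during the
        # timeout does not reveal that the ID exists.
        if self.locked_until.get(source, 0) > now:
            return "locked"
        if meeting_id in self.valid_ids:
            return "ok"
        recent = self.failures[source]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[source] = now + LOCKOUT_SECONDS
            recent.clear()
        return "not_found"

# Constructed events: (time in seconds, source address, Meeting ID requested).
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "100000001"), (1, "198.51.100.7", "100000002"),
    (2, "198.51.100.7", "100000003"), (3, "198.51.100.7", "100000004"),
    (4, "198.51.100.7", "100000005"),
    (5, "198.51.100.7", "123456789"),   # a hit, but made during the timeout
    (10, "203.0.113.20", "123456798"),  # an invited user mistyping once
    (20, "203.0.113.20", "123456789"),
]

def replay(events, valid_ids=("123456789",)):
    """Run the events through a fresh throttle and return each outcome."""
    throttle = JoinThrottle(valid_ids)
    return [throttle.attempt(src, mid, t) for t, src, mid in events]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

A throttle like this only slows guessing; the password and waiting room mentioned above are what keep someone who does find a valid ID out of the meeting.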

In 2019, Zoom also had another vulnerability, in its calling app on macOS. It likewise allowed an attacker to listen in on that platform, provided he had the Meeting ID.
