Zoom URL flaw could have allowed hackers to steal sensitive info

Zoom has fixed a flaw with its customizable URL feature that would have allowed hackers to steal sensitive information from users, new research shows.

The vulnerability in the video conference app's "Vanity URL," or customizable URL feature, allowed a bad actor to impersonate an organization's Vanity URL and send a fraudulent invitation that appeared to be legitimate to the victim, according to new findings from cybersecurity company Check Point.

A bad actor also could have directed a victim to a sub-domain (a sub-section of a primary website's address) webpage, "where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization," Check Point researchers wrote in their findings.

In other words, a hacker could have posed as a legitimate company employee, sent a victim an invitation from an organization’s Vanity URL, directed that victim to another webpage and attempted to steal that victim's credentials and information, an act known as "phishing," according to Check Point.

This photo of a computer screen, taken April 15, 2020, shows the Michigan Supreme Court, which broke new ground by hearing two cases via Zoom video conferencing. (AP Photo/Ed White)

A Zoom spokesperson said the company has "put additional safeguards in place for the protection of its users" in response to Check Point's findings.

"Zoom encourages its users to thoroughly review the details of any meeting they plan to attend prior to joining and to only join meetings from users they trust. We appreciate Check Point notifying us of this issue," the spokesperson said.

As Check Point researchers note in their findings, Zoom has seen unprecedented growth during the coronavirus pandemic. It grew from about 10 million daily meeting participants in January to more than 300 million in April. Such a surge has exposed a number of flaws with the video conference app.

Zoom has come under pressure from Congress, state lawmakers and the FBI over privacy and security concerns, which have since been fixed over the course of the past several months.

As part of the app's new 90-day security plan that launched in April, Zoom releases security progress reports every three months. In its latest July 1 report, Zoom released an updated version of the app that contains "100 new features," including free encryption, the ability to report users, cloud recording expiration and more.
