The duke of URL: Zoom meetups' info leaked out through eavesdrop hole
2020-01-28 12:22

Video-conferencing outfit Zoom had a vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings.

Check Point, the firm behind the research, reckoned that around 4 per cent of randomly generated meeting IDs led to genuine Zoom meetings.

"Zoom is hugely popular for business meetings, which are often about highly sensitive commercial or legal issues - yet our research showed how a hacker could easily access random Zoom meetings and eavesdrop on the meetings' discussion and material," said Oded Vanunu, head of product vulnerability research at Check Point.

As a result, Zoom patched the security weakness and released a series of fixes, which included requiring users to set passwords on all future meetings, and blocking devices that repeatedly try to scan for meeting IDs.

In response to this story, a Zoom spokesperson said: "The privacy and security of Zoom's users is our top priority. The issue was addressed in August of 2019, and we have continued to add additional features and functionalities to further strengthen our platform."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 55 4 67 57 9 137