Zoom Bug Potentially Allowed Attackers to Find and Join Active Meetings
Remote conferencing services provider Zoom patched a vulnerability that could have allowed an attacker to find and join active meetings.
Check Point explained that the issue stemmed from the way in which Zoom secured certain meetings:
If you use Zoom, you may already know that Zoom Meeting IDs are composed of 9, 10 or 11 digits. The problem was that if you hadn’t enabled the “Require meeting password” option or enabled Waiting Room, which allows manual participants admission, these 9-10-11 digits were the only thing that secured your meeting i.e. prevented an unauthorized person from connecting to it.
Researchers at the security firm came up with a list of potentially viable meeting IDs and prepared a URL string for joining the meeting. They then used a “div” element contained in the HTML body of the response returned by accessing this URL to develop a way of verifying the legitimacy of a meeting ID.
By automating this approach, Check Point succeeded in predicting about four percent of the randomly generated meeting IDs. These results constituted a much higher success rate than what they could have achieved using manual brute force attacks, the researchers noted.
On July 22, 2019, Check Point notified Zoom about the vulnerability in the spirit of responsible disclosure. The remote conferencing services provider responded by re-implementing the meeting ID generation algorithm, instituting a cryptographically strong randomization function and increasing the number of characters in a meeting ID. It also forced users to begin using passwords/PINs/SSO for authorization purposes.
News of this vulnerability and its subsequent fix come less than a year after Zoom plugged a security issue that could have allowed an attacker to hijack a Mac user’s webcam without their permission by tricking them into visiting a malicious website.