sb-as logo
Story image

Zoom meetings infiltrated by hackers - Check Point

Check Point Research identified a major security flaw in Zoom, the video conferencing service used by over 60% of the Fortune 500. 

Check Point’s researchers were able to prove that hackers could easily generate and verify Zoom Meeting IDs to target victims, enabling a hacker to eavesdrop on Zoom meetings, giving them intrusive access to all audio, video and documents shared throughout the duration of the meeting.

Guessing Zoom meeting IDs

Zoom meeting IDs are access points for Zoom meeting participants. Typically, these ID numbers comprise of 9, 10 and 11-digit numbers.

Researchers at Check Point learned that a hacker could pre-generate a long list of Zoom Meeting ID numbers, use automation techniques to quickly verify if a respective Zoom Meeting ID was valid or not, and then gain entry into Zoom meetings that were not password protected. 

Researchers found that around 4% of their randomly-generated meeting IDs led to a genuine Zoom meeting ID.

Eavesdropping in three easy steps

In summary, a hacker could eavesdrop into a Zoom meeting by following three easy steps:

  1. Generate a list of Zoom Meeting IDs
  2. Quickly validate the existence of each Zoom Meeting ID
  3. Connect to the meeting.

Check Point first contacted Zoom on July 22, 2019 and shared these findings as part of its standard responsible disclosure process.

Check Point subsequently worked with Zoom to issue out a series of fixes and new functionality to fully patch the security flaws Check Point discovered.

Zoom’s security changes 

As a result of Check Point’s disclosure, Zoom introduced the following security features and functionalities into its technology:

  1. Default passwords: Passwords are added by default to all future scheduled meetings.
     
  2. Password additions by user: Users can add a password to already-scheduled future meetings.
     
  3. Account and group level password enforcement: Password settings are enforceable at the account level and group level by the account admin.
     
  4. Meeting ID validation: Zoom will no longer automatically indicate if a meeting ID is valid or invalid. For each attempt, the page will load and attempt to join the meeting. Thus, a bad actor will not be able to quickly narrow the pool of meetings to attempt to join.
     
  5. Device blocker: Repeated attempts to scan for meeting IDs will cause a device to be blocked for a period of time.
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
PDI acquires Cybera and ControlScan MSS to protect against security threats
The acquisition complements PDI's existing industry-focused cloud product strategy, bringing customers a fully managed, cloud-based network security solution, the company states.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Kaseya announces unified RMM solution
The new unified remote monitoring and management solution is a major component of Kaseya VSA.More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More