Zoom Fixes Flaw Opening Meetings to Hackers


In recent years, the growing number of network security vulnerabilities has posed major challenges to personal information security. In 2018, cloud video conferencing service provider Zoom was found to have a serious “zero-day vulnerability” that allowed any website to “hijack” a Mac user’s webcam without the user’s permission. The vulnerability could even allow a remote attacker to hijack screen controls and drive participants out of a meeting. It was difficult to get rid of completely, even if users uninstalled Zoom. This vulnerability may threaten the privacy and information security of 4 million Mac users who use Zoom.

Recently, Zoom fixed another flaw that opened meetings to hackers. The problem stems from the fact that a “Meeting Password” is not required for a Zoom conference by default. A “Meeting Password” is a password assigned to Zoom participants for a conference room. If the meeting creator did not enable “Meeting Password”, the only thing securing the meeting is the meeting ID, which is a 9-, 10-, or 11-digit meeting identification number.

Zoom now adds a password to any scheduled meeting by default. In addition, Zoom has added features that enable users to add passwords to scheduled future meetings, and password settings are implemented at the account level by the account administrator. Zoom will also no longer automatically indicate whether a meeting ID is valid or invalid when the page loads; instead, the page simply loads and attempts to join the meeting. This prevents bad actors from quickly narrowing the pool of valid meeting IDs. Moreover, repeated attempts to scan for meeting IDs may cause the device to be blocked for a period of time.
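The two server-side mitigations described above (an identical reply for valid and invalid meeting IDs, and a temporary device block after repeated failed attempts) can be sketched as follows. This is an added example, not Zoom's code: the class name `JoinGuard`, the thresholds, the device identifier and the sample meeting are all assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; the article gives no real thresholds.
MAX_FAILURES = 5      # failed joins tolerated per device inside the window
WINDOW_SECONDS = 60   # sliding window for counting failures
BLOCK_SECONDS = 300   # how long a device stays blocked
GENERIC_REPLY = "Unable to join the meeting."  # same text for every failure


class JoinGuard:
    """Hypothetical join handler: uniform failures plus per-device lockout."""

    def __init__(self, meetings, clock=time.monotonic):
        self.meetings = meetings              # meeting_id -> password (constructed data)
        self.clock = clock                    # injectable so the lockout can be tested
        self.failures = defaultdict(deque)    # device_id -> timestamps of recent failures
        self.blocked_until = {}               # device_id -> time the block expires

    def join(self, device_id, meeting_id, password):
        now = self.clock()
        if self.blocked_until.get(device_id, float("-inf")) > now:
            return False, GENERIC_REPLY       # blocked devices learn nothing new
        expected = self.meetings.get(meeting_id)
        # Compare even for unknown IDs so both failure paths do similar work.
        matches = hmac.compare_digest((expected or "").encode(), password.encode())
        if expected is not None and matches:
            return True, "Joined."
        recent = self.failures[device_id]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[device_id] = now + BLOCK_SECONDS
            recent.clear()
        # Unknown ID and wrong password are indistinguishable to the caller.
        return False, GENERIC_REPLY


if __name__ == "__main__":
    guard = JoinGuard({"123456789": "s3cret"})   # constructed sample meeting
    print(guard.join("device-a", "000000000", ""))
    print(guard.join("device-a", "123456789", "s3cret"))
```

Because every failure returns the same reply, a client cannot tell an unused meeting ID from a wrong password, and the sliding-window counter limits how many guesses one device gets before it is blocked.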

Last week, Cisco Systems also fixed a high-severity vulnerability in its popular Webex video conferencing platform. This vulnerability could let strangers barge in on password-protected meetings with no authentication necessary.


