Security researchers claimed that online video meeting platform Zoom is vulnerable to remote attacks. According to cybersecurity expert [email protected]_g0dmode, Zoom’s video conferencing software for Windows is vulnerable to “UNC path injection” flaw that could let hackers steal Windows passwords and execute arbitrary commands on their devices, The Hacker News reported.
The researcher stated that these kinds of attacks are possible because Zoom for Windows software supports remote UNC paths that convert insecure URIs into hyperlinks when received via chat messages. Zoom is a cloud-based enterprise communication platform with over 74,000 customers and 13 million active users. It offers chat, audio, video conferencing, and options to host webinars and virtual meetings online.
How Does the Bug Work?
The existence of the vulnerability is also confirmed by security researchers Matthew Hickey and Mohamed Baset, who stated that attackers exploit the process where Windows inevitably exposes a user’s login username and NTLM password hashes to a remote SMB server while downloading a file hosted on it. In order to steal passwords, the attacker needs to send a crafted URL (i.e., \\x.x.x.x\abc_file) to a victim via a chat interface. Once the user clicks the URL, it eventually allows the attacker-controlled SMB share to capture the verification data from Windows, without the user knowledge.
Zoom Fixes the Bug
Soon after the vulnerability was identified, the company fixed the issue by releasing a patch. The CEO of Zoom, Eric Yuan, addressed the security issues and stated that a patch has been released to fix the UNC vulnerability. The fix will be pushed out automatically to all the users.
In a blog post, Yuan said, “We recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it. For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus. We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security.”
FBI Slams Zoom
Recently, the FBI slammed Zoom for not maintaining proper privacy and security measures for its users. The authorities also warned that the video meeting app is prone to hacking, as it has certain unpatched bugs.
Cybercriminals Target Zoom Domains to Distribute Malware
With majority of the employees working remotely, online communication platforms like Zoom saw a sudden increase in their popularity. According to a report from Check Point, hackers are taking advantage of the rise in Zoom usage by registering fake and malicious Zoom domains. The report stated that around 1,700 new Zoom domains have been registered since the pandemic, with 25% of the domains registered in the past seven days alone.