Zoom patches vulnerability that could allow eavesdropping

Remote conferencing company Zoom has patched a vulnerability that could allow a bad actor to eavesdrop on your company’s online meetings.

Zoom provides remote video and audio conferencing services using cloud computing. The communication software integrates video conferencing, online meetings, chat and mobile collaboration capabilities.

In a blog post, Check Point researchers said they were able to predict approximately 4% of randomly generated meeting IDs. The company added that such attacks have a high chance of success, especially when compared to brute force attacks.

Check Point responsibly disclosed the vulnerability to Zoom in July 2019 and proposed multiple fixes. Those recommendations included:

  • Re-implement the generation algorithm for meeting IDs
  • Use strong cryptography in the new algorithm used for randomization
  • Increase the length of meeting IDs
  • Force systems to use passwords/PINs/SSO for authorization purposes

As part of the patch update, Check Point also confirmed that Zoom implemented a host of security features.

Those included adding passwords to meetings by default, stronger admin controls to enforce stronger passwords, and multiple brute force protections, to name a few.
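
The recommendations and fixes listed above (CSPRNG-generated IDs, longer IDs, default passwords, brute force protection) can be sketched together as follows. This is an added example, not code from Zoom or Check Point; `MeetingRegistry`, `hit_rate`, the 12-digit length, the lockout threshold and the meeting counts are all hypothetical, constructed values.

```python
import hmac
import secrets

MAX_FAILED_JOINS = 5  # constructed lockout threshold


def hit_rate(live_meetings: int, id_digits: int) -> float:
    """Chance that one uniformly random guess names a live meeting."""
    return live_meetings / 10 ** id_digits


class MeetingRegistry:
    def __init__(self, id_digits: int = 12):
        self.id_digits = id_digits
        self._passcodes = {}  # meeting ID -> passcode
        self._failures = {}   # client key -> consecutive failed joins

    def create(self):
        """Allocate an ID from the OS CSPRNG and set a passcode by default."""
        while True:
            number = secrets.randbelow(10 ** self.id_digits)
            meeting_id = f"{number:0{self.id_digits}d}"
            if meeting_id not in self._passcodes:  # retry on collision
                break
        passcode = secrets.token_urlsafe(8)
        self._passcodes[meeting_id] = passcode
        return meeting_id, passcode

    def join(self, client: str, meeting_id: str, passcode: str) -> str:
        if self._failures.get(client, 0) >= MAX_FAILED_JOINS:
            return "locked"
        known = meeting_id in self._passcodes
        # Compare against a throwaway secret for unknown IDs so an unknown ID
        # and a wrong passcode take the same path and return the same answer.
        expected = self._passcodes.get(meeting_id, secrets.token_urlsafe(8))
        match = hmac.compare_digest(expected.encode(), passcode.encode())
        if known and match:
            self._failures.pop(client, None)
            return "joined"
        self._failures[client] = self._failures.get(client, 0) + 1
        return "denied"


if __name__ == "__main__":
    # Constructed numbers: the same live-meeting count at two ID lengths.
    for digits in (9, 12):
        print(digits, "digits:", hit_rate(40_000_000, digits))
```

With the constructed count of 40 million live meetings, a 9-digit ID space gives a 4% hit rate per guess, while 12 digits drops it to 0.004%, and the passcode plus lockout means a correct ID alone no longer admits the caller.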