Monday, April 19, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Zoom Bug Could Have Let Uninvited People Join Private Meetings

January 28, 2020
in Internet Privacy
Zoom Bug Could Have Let Uninvited People Join Private Meetings
597
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

If you use Zoom to host your remote online meetings, you need to read this piece carefully.

The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.

You might also like

What are the different roles within cybersecurity?

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

Besides hosting password-protected virtual meetings and webinars, Zoom also allows users to set up a session for non-pre-registered participants who can join an active meeting by entering a unique Meeting ID, without requiring a password or going through the Waiting Rooms.

Zoom generates this random meeting ID, comprised of 9, 10, and 11-digit numbers, for each meeting you schedule or create. If leaked beyond an individual or intended group of people, merely knowing Meeting IDs could allow unwelcome guests joining meetings or webinars.

This could be bad news for anyone expecting their conversations to be private.

zoom software hacking

To circumvent such scenarios, Zoom late last year introduced some additional controls under the password settings for meetings and webinars, which according to Check Point, was the result of research on security loophole the security firm responsibly reported to the company in July 2019.

In a report shared with The Hacker News prior to its release, Check Point researchers demonstrated an effective automated but unsophisticated enumeration attack to identify valid random Meeting IDs rather than using the brute force technique.

“A hacker could pre-generate a long list of Zoom Meeting IDs, use automation techniques to quickly verify if a respective Zoom Meeting ID was valid or not, and then gain entry into Zoom meetings that were not password protected,” researchers claimed.

“We were able to predict ~4% of randomly generated Meeting IDs, which is a very high chance of success, compared to the pure brute force.”

As a result of Check Point’s disclosure, Zoom introduced the following security features and functionalities into its cloud-based video conferencing service:

  • Default Passwords ⁠— Zoom now, by default, automatically generates a six-digit numeric password for each meeting you create that participants need to enter when joining by manually entering the meeting ID.
  • Account and Group Level Password Enforcement — Under new controls, three new password settings are now enforceable at the account, group, and user levels by the account admin.
  • Meeting ID Validation — Zoom will no longer automatically indicate if a meeting ID is valid or invalid, making it harder for automated scripts to determine active meetings. For each connection, the page will load and attempt to join the meeting. Thus, a bad actor will not be able to quickly narrow the pool of meetings to attempt to join.
  • Device blocker — To prevent brute force attacks, repeated attempts to scan for meeting IDs will cause a device to be blocked for some time.

In July last year, Zoom made headlines following a serious security vulnerability in its client app for macOS that allowed remote attackers or malicious websites to turn on users’ device camera without their permission or knowledge.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

The Complete Guide on Customer Demand Forecasting in Retail

Next Post

CEOs are deleting their social media accounts to protect against hackers

Related Posts

What are the different roles within cybersecurity?
Internet Privacy

What are the different roles within cybersecurity?

April 18, 2021
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
Next Post
CEOs are deleting their social media accounts to protect against hackers

CEOs are deleting their social media accounts to protect against hackers

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

WordPress could treat Google FloC as a security issue
Internet Security

WordPress could treat Google FloC as a security issue

April 19, 2021
Machine Learning market valuation to surge at 33.8% CAGR through 2025
Machine Learning

Machine Learning market valuation to surge at 33.8% CAGR through 2025

April 19, 2021
Twitter analysing harmful impacts of its AI, machine learning algorithms
Machine Learning

Twitter analysing harmful impacts of its AI, machine learning algorithms

April 19, 2021
Machine Learning Helps Optimize Therapeutic Antibodies
Machine Learning

Machine Learning Helps Optimize Therapeutic Antibodies

April 18, 2021
Researchers at MIT DAI Lab Have Recently Built Cardea: A Machine Learning Framework That Turns Health Care Data Into Insights
Machine Learning

Researchers at MIT DAI Lab Have Recently Built Cardea: A Machine Learning Framework That Turns Health Care Data Into Insights

April 18, 2021
Automating Drug Discovery With Machine Learning
Machine Learning

Automating Drug Discovery With Machine Learning

April 18, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • WordPress could treat Google FloC as a security issue April 19, 2021
  • Machine Learning market valuation to surge at 33.8% CAGR through 2025 April 19, 2021
  • Twitter analysing harmful impacts of its AI, machine learning algorithms April 19, 2021
  • Machine Learning Helps Optimize Therapeutic Antibodies April 18, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates