Internet

Zoom bug can let hackers steal your Windows password

Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users

Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users   | Photo Credit: Getty Images/iStockphoto

The ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports TheHacckeNews

Slammed for the lack of users’ privacy and security by the U.S. Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users Windows password.

The ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports TheHacckeNews.

The latest finding by cybersecurity expert @_g0dmode, has also been “confirmed by researcher Matthew Hickey and Mohamed A. Baset,” the report said late on Wednesday.

The attack involves the ‘SMBRelay technique’ wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

“The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat,” the report claimed.

Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.

Zoom has been notified of this bug but the flaw is yet to be fixed.

“Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report.

Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users.

As businesses, schools and colleges and millions of SMBs use video conferencing tool Zoom during the work-from-home scenario, the U.S. Federal Bureau of Investigation (FBI) has warned people about porn material being popped up during the video meetings.

The Boston branch of the law enforcement agency said it has received multiple reports of Zoom conferences being disrupted by pornographic and/or hate images and threatening language.

The video conferencing app late last month updated its iOS app to remove the software development kit (SDK) that was providing users’ data to Facebook through the Login with Facebook feature.

A letter from the Editor


Dear reader,

We have been keeping you up-to-date with information on the developments in India and the world that have a bearing on our health and wellbeing, our lives and livelihoods, during these difficult times. To enable wide dissemination of news that is in public interest, we have increased the number of articles that can be read free, and extended free trial periods. However, we have a request for those who can afford to subscribe: please do. As we fight disinformation and misinformation, and keep apace with the happenings, we need to commit greater resources to news gathering operations. We promise to deliver quality journalism that stays away from vested interest and political propaganda.

Support Quality Journalism
Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | May 26, 2020 9:10:55 AM | https://www.thehindu.com/sci-tech/technology/internet/zoom-bug-can-let-hackers-steal-your-windows-password/article31233645.ece

Next Story