This Zoom vulnerability lets hackers record meetings even when host disables recording functionality for participants.
Article updated with a statement from Zoom.
As you may know, hackers are actively exploiting critical flaws in the video communications service provider Zoom to carry out zoombombing amid Coronavirus. Then, there are those who are selling millions of authentic Zoom login credentials. And now, a Zoom vulnerability that puts millions of users at risk across the globe.
Recently, the IT security researchers at Morphiec have discovered a critical malware vulnerability which if exploited can allow attackers to record live Zoom meetings and audio conversations.
What’s worse is that by using the vulnerability attackers can carry out recordings even if the host disables recording functionality for participants. All that without the host’s knowledge or permission.
In a blog post, Morphisec’s researcher Daniel Petrillo wrote that,
The trigger (evading detection) is a malware that injects its code into a Zoom process without any interaction of the user and even if the host did not enable the participant to record. When recording in this way, none of the participants are notified that the session is being recorded while the malware fully controls the output.
The vulnerability can not only open doors for malware attacks, but hackers can also use the opportunity to launch large scale espionage campaigns against businesses, steal secrets or credentials, and much more.
Morphisec has demonstrated how the attack works:
The good news is that Morphiec researchers have already informed Zoom about the vulnerability however it is unclear if the company has patched the flaw or not. Therefore, if you are a Zoom user follow the below-given precautions to protect yourself from hackers.
1- Enforce complex Zoom meeting passwords by default for all users
2- Credential stuffing is a known issue in the industry, and the Zoom application is one of the hackers’ targets.
3- Users (and average consumers) are advised not to re-use their passwords on other apps and websites and monitor for potential data breaches via services such as HaveIbeenPwned and AmIbreached.com.
4- Implement multi-factor authentication where possible
5- Organizations are encouraged to consider a data breach monitoring solution to reduce their exposure window and mitigate the risks.
“This is an attack vector that all Windows applications are susceptible to – not just Zoom. Executing this attack as described requires a user to self-install a piece of malware to their own computer. Once running, that malware can, like any other piece of malware, control and alter the behavior of any locally-executed applications, including Zoom,” the company told Hackread.com