Attackers could discover the key to your private Zoom video calls in minutes.
The popular video call platform, Zoom, is again at the center of the controversy after a cybersecurity analyst has discovered a serious vulnerability in service, which would allow attackers discover the password for private meeting rooms in just a few minutes.
The analyst in question, Tom Anthony, explains that while Zoom private meetings can be protected with numerical passwords of up to six digits, the platform’s web client does not have a maximum attempt limit when entering the password, thus enabling the possibility of carrying out the brute force attacks in order to retrieve the correct key that grants access to the session. The fact of using six-digit keys implies that there are a million combinations different that can be used.
Brute force attacks, what are they and how do they work? | When we talk about brute force attacks, we are referring to a procedure that consists of trying to recover a key or password by trying all the available combinations, usually in an automated way, using systems specifically designed to generate the keys within a specific range.
By exploiting this vulnerability, attackers could access and listen to private meetings. In this sense, the attacker explains that it was only necessary know the caller ID or ID code and start trying different combinations until you find the key.
Zoom, again at the center of the controversy due to a serious security breach
In the publication where Anthony exposes the details of this investigation, he explains that, for get passwords for private Zoom sessions, it was enough to develop a simple tool using the Python programming language. With it, it was achieved check up to 25 six-digit keys every secondso discovering the correct key could take less than half an hour using an ordinary computer, like the one anyone could have at home. In fact, it explains that in case of having used more advanced techniques, distributing the execution of the script on cloud servers, checking the full range of keys could take just a few minutes.
Even if Zoom was notified of this vulnerability in early April., and shortly thereafter the problem was remedied through the implementation of an extra layer of security that requires passwords are non-numeric and longer than the original six digits, the reality is that it is yet another stone in the way of Zoom, a platform that since it suffered its popularity explosion as of April of this year, has been at the center of the controversy on many occasions due to its serious security flaws and questionable privacy policies. Even the CEO of the company had to step up, warning about the company’s intention to act faster when it comes to discovering and correcting these kinds of problems.
“The vulnerability has already been addressed through the implementation of an extra layer of security.”
Be that as it may, it seems pretty clear that Zoom has had great success, and that its progress in terms of security and privacy does not seem to come quickly enough despite the company’s efforts. It is not surprising, therefore, that in recent weeks alternatives like Google Meet are gaining adherents by leaps and bounds.
Join our Telegram channel to stay on top of all the latest Android hours. If you prefer, you can also insurers on Instagram.