Business Standard

Vulnerability in Zoom app let hackers steal your Windows password: Report

Another media report claimed that Zoom doesn't use end-to-end encryption to protect calling data of its users

IANS  |  San Francisco 

Slammed by the US Federal Bureau of Investigation (FBI) and cybersecurity experts for its lack of user privacy and security, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let attackers steal users' Windows passwords.

The Zoom 'client for Windows' is vulnerable to the 'UNC path injection' vulnerability that could let remote attackers steal login credentials for victims' Windows systems, reports The Hacker News.

The latest finding, by cybersecurity expert @_g0dmode, has also been "confirmed by researcher Matthew Hickey and Mohamed A. Baset," the report said late Wednesday.

The attack involves the "SMBRelay technique" wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

"The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat," the report claimed.

Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.
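One way a chat client can avoid the behaviour described above is to hyperlink only http(s) URLs and render UNC-style paths as inert text. The Python example below is added here for illustration and is not Zoom's code or its fix; the function names, hostnames and sample messages are constructed.

```python
import re
from html import escape

TRIM = '.,;:!?()[]<>"\''  # punctuation that may wrap a path or URL in chat text

def classify(token):
    """Return (kind, core) for one token; kind is 'unc', 'web' or 'text'."""
    core = token.strip(TRIM)
    # \\host\share, //host/share and \\?\UNC\... all begin with two separators.
    if re.match(r'^(?:\\\\|//)[^\\/\s]+', core):
        return 'unc', core
    # file: URLs can also name a remote host, so they get the same treatment.
    if re.match(r'(?i)^file:', core):
        return 'unc', core
    if re.match(r'(?i)^https?://[^\s/]+', core):
        return 'web', core
    return 'text', core

def render_chat_message(text):
    """Return (html, blocked): only http(s) URLs become links; UNC-style
    tokens stay escaped plain text and are reported in `blocked`."""
    out, blocked = [], []
    for token in re.split(r'(\s+)', text):
        kind, core = classify(token)
        if kind == 'web':
            # Keep surrounding punctuation outside the anchor and the href.
            lead, _, tail = token.partition(core)
            href = escape(core, quote=True)
            out.append(f'{escape(lead)}<a href="{href}" '
                       f'rel="noopener noreferrer">{href}</a>{escape(tail)}')
            continue
        if kind == 'unc':
            blocked.append(core)  # candidate for logging or a user warning
        out.append(escape(token, quote=True))
    return ''.join(out), blocked

# Constructed sample messages (hostnames are placeholders).
SAMPLES = [
    r'Agenda: https://example.com/agenda, notes at \\fileserver.example\share\notes.docx',
    'mirror: //fileserver.example/share/notes.docx',
    'old link file://fileserver.example/share/notes.docx',
]

if __name__ == '__main__':
    for msg in SAMPLES:
        html, blocked = render_chat_message(msg)
        print(html, '| blocked:', blocked)
```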

Zoom has been notified of this bug but the flaw is yet to be fixed.

"Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app," said the report.

Another media report claimed that Zoom doesn't use end-to-end encryption to protect calling data of its users.

As businesses, schools and colleges and millions of SMBs use video conferencing tool Zoom during the work-from-home scenario, the US Federal Bureau of Investigation (FBI) has warned people about pornographic material popping up during video meetings.

The Boston branch of the law enforcement agency said it has received multiple reports of Zoom conferences being disrupted by pornographic and/or hate images and threatening language.

The video conferencing app late last month updated its iOS app to remove the software development kit (SDK) that was providing users' data to Facebook through the Login with Facebook feature.

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

First Published: Thu, April 02 2020. 12:29 IST