Potential Flaw in Zoom Lets Attackers Steal Windows Login Credentials
By Yash Kudal
Zoom has been around for nine years, but the urgent need for an easy-to-use video application during the coronavirus outbreak has made it a beloved tool for millions of people.
Although Zoom is an effective solution for online video conferencing, it is not the best choice for privacy and security.
The Zoom client for Windows is vulnerable to UNC path injection, which could allow remote attackers to steal the victim's Windows login credentials, as confirmed by researchers Matthew Hickey and Mohamed A. Baset.
This attack involves an SMBRelay technique, in which Windows exposes the user's login username and password hashes to the SMB server while attempting to connect to it and download a file hosted on it.
The attack is only possible because Zoom for Windows supports remote UNC paths and converts those potentially unsafe URLs into clickable links for recipients in a personal or group chat.
To steal a user's Windows credentials, all the attacker needs to do is send a crafted URL to the victim and wait for the victim to click it once.
Of note, the passwords captured are not in clear text, but a weak password can easily be cracked using tools like HashCat or John the Ripper.
In a shared environment, such as an office space, stolen login information can also be used immediately to compromise other users or IT resources and trigger additional attacks.
Zoom has already been notified of this bug, but since it has not yet been patched, users are advised to use other conferencing software.
In addition to always using a strong password, Windows users can change their security policy to restrict the operating system from passing NTLM credentials to a remote server.
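The root cause described above is that the chat turns remote UNC paths into clickable links. As an added example (not Zoom's code and not from the researchers), the sketch below shows a chat renderer that linkifies only http(s) URLs and leaves remote file paths as inert text; the function names `classify` and `render_message` and the sample host names are hypothetical.

```python
import html
import re

# Remote-path forms that make Windows connect to an SMB server when
# followed: \\host\share, \\?\UNC\host\share and file://host/share.
# Local forms (C:\..., \\?\C:\..., file:///C:/...) are not matched.
UNC_RE = re.compile(r"^\\\\(?:[?.]\\UNC\\)?(?![?.]\\)[^\\/\s]+\\[^\\\s]", re.IGNORECASE)
FILE_REMOTE_RE = re.compile(r"^file:/{2}(?!/)(?!localhost/)[^/\s]+/", re.IGNORECASE)
WEB_RE = re.compile(r"^https?://[^\s/]+", re.IGNORECASE)


def classify(token):
    """Return 'web', 'remote-file' or 'text' for one whitespace-delimited token."""
    if UNC_RE.match(token) or FILE_REMOTE_RE.match(token):
        return "remote-file"
    if WEB_RE.match(token):
        return "web"
    return "text"


def render_message(text):
    """Linkify only http(s) URLs; return (html, list of blocked remote paths)."""
    out, blocked = [], []
    for token in re.split(r"(\s+)", text):
        kind = classify(token)
        safe = html.escape(token, quote=True)
        if kind == "web":
            out.append(f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>')
        else:
            if kind == "remote-file":
                blocked.append(token)
            out.append(safe)  # shown as inert text, never as a link
    return "".join(out), blocked


# Constructed sample messages (host names are placeholders).
SAMPLES = [
    r"notes are at \\fileserver.example\share\agenda.docx",
    "see https://example.com/meeting?id=1",
    "file://fileserver.example/share/agenda.docx",
    r"C:\Users\me\agenda.docx or file:///C:/Users/me/agenda.docx",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        rendered, blocked = render_message(msg)
        print(blocked, "->", rendered)
```

The returned list of blocked paths can also be logged, so that remote-path messages sent to users are visible to whoever monitors the chat service.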
Another report confirmed that Zoom does not use encryption to protect its users’ data.
Last week, Zoom updated its iOS app after it was caught sharing users' device information with Facebook servers, raising concerns that it was not protecting users' privacy.