Israeli researchers discover, fix Zoom vulnerability

In January 2020, Check Point discovered a vulnerability that would allow hackers to potentially identify and join active meetings.

Eric Yuan, CEO of Zoom Video Communications (photo credit: REUTERS/CARLO ALLEGRI)
Eric Yuan, CEO of Zoom Video Communications
(photo credit: REUTERS/CARLO ALLEGRI)
Israeli researchers from the company Check Point discovered and fixed a previously unknown program vulnerability that allowed cybercriminals to take advantage and phish users of the popular videoconferencing service Zoom, which has gained many users in light of the coronavirus pandemic, according to a press release from the company on Thursday.
Since the onset of the pandemic, Zoom has gone from 10 million average participants in December 2019 to 300 million by April 2020, serving as an important means for holding high-level government and business meetings, university and school classes and family gatherings, prompting cybercriminals to register more domains with the name "Zoom," which may trick people into disclosing personal information on these fake websites.
In January 2020, Check Point discovered a vulnerability that would allow hackers to potentially identify and join active meetings, making vulnerable business secrets and more, leading Zoom to close the access point.
The central method that allowed cybercriminals to hack Zoom was a fault associated with the Vanity URL option, which gave users the option to put their personal websites on Zoom, whereby an attacker may have attempted to impersonate an organization’s Vanity URL link, and later send invitations to other users in order to phish accounts.
As noted in the Check Point report, "The security issue is focused on the sub-domain functionalities described above. There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI."
Additional sub-methods include a direct-link capability, in which an attacker, upon the start of a meeting, could change the invitation link URL to include any registered sub-domain (website). This means that a user would not have known, or without checking the specific address, prompting them to become phishing victims.
Similarly, "another way of entering a meeting is with the organization’s dedicated sub-domain web UI," Check Point said in the press release.
In this case, "a user can enter any meeting ID in this screen, whether it was originally scheduled by the organization’s employee or not, and join the relevant Zoom session. An attacker could have invited the victim to join the session through the dedicated website, and the victim would have had no way of knowing the invitation did not actually come from the legitimate organization."
"For example, an attacker could have introduced themselves as legitimate employees in the company, sending an invitation from an organization’s Vanity URL to relevant customers in order to gain credibility. This activity could have then been leveraged to stealing credentials and sensitive information, as well as other fraud actions," Check Point stated.
The information on Zoom's vulnerability was shared by Check Point as part of cooperation between the two companies.
In a statement to The Jerusalem Post, Zoom stated that “Zoom has addressed the issue reported by Check Point and put additional safeguards in place for the protection of its users. Zoom encourages its users to thoroughly review the details of any meeting they plan to attend prior to joining, and to only join meetings from users they trust. We appreciate Check Point notifying us of this issue. If you think you’ve found a security issue with Zoom products, please send a detailed report to security@zoom.us.”