Now patched, but yikes. For our next meeting, let's dial in from a phone box
Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings.
That's according to infosec biz Check Point, which says it found snoops could brute-force their way into Zoom-hosted virtual meetings that were not secured by a password.
Hackers would just need to generate a list of 9, 10, or 11-digit meeting IDs, and check whether they were valid or not. If they got a hit, the spies could then eavesdrop on the conferences, and access all the video, audio and documents shared throughout the sessions, although this was only if no password were set.
"The problem was that if you hadn't enabled the 'Require meetings password' option or enabled Waiting Room, which allows manual participants admission, these 9-10 ..
Support the originator by clicking the read the rest link below.
