|
|||||||
Zoom for Windows can leak Windows login details to hackers; details |
 |
|
Views: 897
|
Thread Tools | Rate Thread |
|
|||||||
Zoom for Windows can leak Windows login details to hackers; details |
|
|
Views: 897
|
Thread Tools | Rate Thread |
|
#1
04-01-2020, 10:33 AM
|
|||
|
|||
Zoom for Windows can leak Windows login details to hackers; details
Coronavirus has changed the job landscape across the world with a majority of employees working from home. This shift has also assisted in the rise of new workflows and new tools for work from home. One of the most popular tools around is “Zoom”, a video conferencing service based out of the United States. The app has filled the void for a quality video conferencing app beyond the existing options. In fact, the service has managed to enter the mainstream as an increasing number of casual users are using Zoom. This has pushed the app from a formal corporate setting to the living room. The service is somewhat different than Skype, Google Duo, and WhatsApp video calling. However, a new report just surfaced online highlighting a security flaw in the service. Let’s check all the details here.
Zoom for Windows security flaw details According to a report from Bleeping Computer, a security researcher has just discovered a serious security flaw in the Windows app. Digging deeper, the researcher revealed that the Zoom Windows app “is vulnerable to UNC path injection” attack in the chat feature. This flaw “could allow” hackers to steal Windows login details. It is worth noting that as part of the attack, the hacker needs to send a link in the chat. In addition, a Zoom user with the Windows app needs to click the link. Watch: Top 5 smartphones under Rs 20000 The researcher added that the Zoom Windows app converts “Windows networking UNC paths” into clickable links in the chat. Windows will attempt to connect to the remote website using the SMB file-sharing protocol after the user clicks the link. During this process, Windows will also send the user login information to the website. Hackers can use free tools such as Hashcat to reveal the password on their end.  Also Read Google Duo increases group calling limit to 12 participants In addition, the report also noted the ease of the dehashing process. A hacker can get the actual password in seconds if not minutes depending on the complexity. The report has also outlined steps to bypass this issue. Beyond this, the security researcher revealed that he has notified Zoom regarding this flaw. Though the company has not issued any statement at the time of writing, it is likely to roll out an update to fix the issue. More... 
|
