Thursday, June 4, 2020

Zoom security bug allows attackers to steal Windows passwords

Zoom, the video conferencing software that has soared in popularity because much of the world is at home due to the coronavirus epidemic, is quickly turning into a privacy and security nightmare.

BleepingComputer reports a recently discovered vulnerability in Zoom that allows an attacker to steal Windows login credentials from other users. The problem lies in how Zoom chat handles links: it converts Windows networking Universal Naming Convention (UNC) paths into clickable links. If a user clicks on such a link, Windows will disclose the user’s Windows login name and password.

The good news is that the password is hashed; the bad news is that in many cases it is simple to recover it using password recovery tools such as Hashcat.

The vulnerability was first discovered by security researcher @_g0dmode and verified by security researcher Matthew Hickey. In addition, Hickey told the media that this vulnerability can be used to launch programs on a victim’s computer when they click a link, although Windows, by default, gives at least one security warning before starting the program.

As security vulnerabilities go, this is pretty bad, because it doesn’t require a lot of knowledge to exploit. It does require that the victim actually clicks on a link, and it can be mitigated by tweaking Windows security settings, but it’s certainly something that Zoom should fix by changing the way the platform’s chat handles UNC links.

In the meantime, for a quick solution, go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set it to “Deny all”.
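The chat-side change suggested above can be sketched as a link renderer that makes only http(s) URLs clickable and leaves UNC paths and file: URLs as inert text. This is an added example, not Zoom's code; the function name `render_chat_message`, the regular expressions and the sample messages are assumptions constructed for illustration.

```python
import re
from html import escape

# Allowlist: only http(s) URLs are ever turned into clickable links.
LINK_RE = re.compile(r'^https?://[^\s<>"]+$', re.IGNORECASE)
# \\host\share\path as described in the article. The forward-slash
# spelling //host/share is flagged too, as a conservative choice.
UNC_RE = re.compile(r'^(\\\\|//)[^\\/\s]+[\\/][^\s]+')
# file: URLs can point at a remote share or a local program.
FILE_RE = re.compile(r'^file:', re.IGNORECASE)


def render_chat_message(text):
    """Return (html, flagged).

    html    -- the message with http(s) URLs linked, all else escaped
    flagged -- UNC / file: tokens found, for logging or a user warning
    """
    out, flagged = [], []
    # Split on whitespace but keep the separators so spacing survives.
    for token in re.split(r'(\s+)', text):
        if LINK_RE.match(token):
            url = escape(token, quote=True)
            out.append(f'<a href="{url}" rel="noreferrer">{url}</a>')
        else:
            if UNC_RE.match(token) or FILE_RE.match(token):
                flagged.append(token)
            # Anything not on the allowlist is rendered as plain text.
            out.append(escape(token))
    return ''.join(out), flagged


if __name__ == '__main__':
    # Constructed sample messages, not taken from any real chat log.
    samples = [
        r'Join at https://example.com/j/123 please',
        r'notes are on \\fileserver.example\share\notes.txt',
        r'open file://fileserver.example/share/setup.bat',
    ]
    for msg in samples:
        html, flagged = render_chat_message(msg)
        print(html)
        if flagged:
            print('  not linked (UNC/file path):', flagged)
```
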

Mashable contacted Zoom for comment on this story, and we will update it when they respond.

It’s not the only privacy or security issue that has been discovered in Zoom in the past two weeks. Just yesterday, The Intercept reported that Zoom does not actually use an end-to-end encrypted connection for its calls, although it claims to do so. There is also the problem of disclosure of user emails and photos to unrelated parties, and the fact that the company’s iOS app, until recently, sent data to Facebook without valid reason.

The Zoom software also has some disturbing privacy features and, while this is not Zoom’s fault, it should be noted that hackers are using the app’s new popularity to entice users to download malware.
