The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.
Zoom hosts password-protected virtual meetings and conferences but also allows users to set up sessions for non-registered participants that can join active conversations without additional logins or passwords required. The only thing that such a person needs is a randomized 9, 10, or 11-digit meeting ID that is generated unique per each conversation. If such ID got leaked outside the intended group of people anyone that owns the meeting ID can join the meeting and obtain private, valuable or sensitive information unnoticed.
Zoom generates this random meeting ID, comprised of 9, 10, and 11-digit numbers, for each meeting you schedule or create. If leaked beyond an individual or intended group of people, merely knowing Meeting IDs could allow unwelcome guests joining meetings or webinars.
Changes in the security of the conference calls
To circumvent such scenarios, Zoom late last year introduced some additional controls under the password settings for meetings and webinars, which according to Check Point, was the result of research on security loophole the security firm responsibly reported to the company in July 2019.
"A hacker could pre-generate a long list of Zoom Meeting IDs, use automation techniques to quickly verify if a respective Zoom Meeting ID was valid or not, and then gain entry into Zoom meetings that were not password protected," researchers claimed.
Zoom claims that the privacy and security of users is their top priority and this issue is going to be fixed with additional features and further steps to strengthening the platform. However, video conferencing flaws in the platform got discovered back in 2018.
Desktop conferencing application allowed remote attackers to hijack screens and kick people out of the meetings. Also, a zero-day vulnerability in the Zoom version for macOS that allowed access to webcams got reported last year.