Zoom's latest security flaw allows hackers to steal customers' Microsoft Windows credentials


Zoom has become a staple in homes across the globe as the coronavirus is forcing millions to work from home, but it is also turning into a security fiasco.

A new report found a vulnerability in the software that lets cybercriminals steal the Microsoft Windows passwords of users who click on a link shared in a chat.

Security researchers found that Windows automatically leaks a user’s credentials when they click a link inside the chat, allowing a hacker who is hiding in the shadows to seize the personal information.

Although the passwords will appear hashed, a simple tool can easily revert them to plain text.

The security flaw was uncovered by Bleeping Computer, which demonstrated how a regular URL and the UNC path \\evil.server.com\images\cat.jpg were both converted into clickable links in the chat message.

The problem with this is, according to Bleeping Computer: ‘When a user clicks on a UNC path link, Windows will attempt to connect to a remote site using the SMB file sharing protocol to open the remote cat.jpg file.’
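
As an added illustration (not code from Zoom or Bleeping Computer), here is one way a chat client could render messages so that only web URLs become clickable while UNC paths stay inert text, and could report the remote hosts those paths name. The function names and the http/https-only link policy are assumptions made for this example.

```python
import html
import re

# Assumption: only http/https links should ever become clickable in chat.
WEB_URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# UNC path: two backslashes, a host, then at least one \share component.
UNC_PATH = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\s\\]+(?:\\[^\s\\]+)*")


def find_unc_hosts(message: str) -> list[str]:
    """Return the remote hosts named by UNC paths in a chat message."""
    return [m.group(1).lower() for m in UNC_PATH.finditer(message)]


def render_message(message: str) -> str:
    """HTML-escape a chat message and linkify web URLs only.

    UNC paths are left as plain text, so a click cannot make Windows open
    an SMB connection (and offer NTLM credentials) to the named host.
    """
    out, pos = [], 0
    for m in WEB_URL.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample message using the path quoted in the article.
    sample = r"photo: \\evil.server.com\images\cat.jpg or https://example.com/cat.jpg"
    print(find_unc_hosts(sample))
    print(render_message(sample))
```
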


The latest flaw follows a slew of security and privacy issues Zoom has faced since becoming popular during the coronavirus outbreak, as many people are self-isolating and using the service to keep their businesses and relationships alive.

The biggest issue the service has been hit with is internet trolls who are ‘Zoom-bombing’ calls by displaying pornographic and racist content while users hold work conferences, online teaching sessions and even Alcoholics Anonymous meetings, leaving many to wonder just how secure the service is.

However, there is a quick fix for the recent problem that lets hackers steal credentials: a policy known as ‘Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers’, which is found under the following path in the Group Policy Editor.

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

ZOOM ALTERNATIVES

  • GoToMeeting 
  • Google Hangouts Meet 
  • Zoho Meetings 
  • Join.me 
  • Cisco Webex Meetings 
  • BlueJeans 
  • TeamViewer 
  • Riot 
  • Jitsi Meet 
  • Hibox
  • Discord

Although Zoom seems to be a gateway for hackers, Zoom CEO Eric Yuan spoke with Good Morning America on Wednesday to assure the public that privacy is of utmost importance to the firm, and revealed features that will keep internet trolls at bay.

Yuan explained that users can create passwords for meetings, set up waiting rooms and lock down each session in order to keep their calls safe.

‘We take privacy very seriously and have a privacy policy and our intention is never to sell any customer data,’ Yuan said during a video interview.

‘After meetings are over we do not check anything.’

Digital break-ins on Zoom meetings are taking place across the nation as much of the country is placed on lockdown and forced to resort to online video conferences to communicate while limiting the spread of the coronavirus.

As of Wednesday, more than 200,000 cases have been reported and the death toll has surpassed 4,300. 

However, all trolls have to do is search the internet for links to video conferences and enter the calls to launch their sneering harassment.

‘There are things we can do every day to protect ourselves while using the platform,’ he said.

‘You need to understand the secure feature of about how to use Zoom.’

Those features include creating a password for each meeting, so only those attending can enter.

Users can also establish a waiting room for the group, allowing them to welcome in specific people and keep track of who is attending.

And for added safety, meetings can be locked down once everyone is inside.

The Good Morning America interview comes at a time when Zoom is under scrutiny for privacy issues.

Users are complaining to the FBI about being bombarded with porn during meetings.

New York Attorney General Letitia James sent a letter to the in-vogue California enterprise ‘with a number of questions to ensure the company is taking appropriate steps to ensure users’ privacy and security,’ a spokesman said.

He refused to give further information on the contents but added Tuesday that James’s office was ‘trying to work with the company’ to resolve any problems.

The investigation comes after the FBI’s Boston office warned on Monday that it had ‘received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.’

The FBI listed two examples where hackers had ‘Zoom-bombed’ schools which have closed because of the deadly virus and which are now teaching classes online.

A Massachusetts high school reported that an unidentified individual dialed into the virtual classroom and yelled a profanity at the teacher before shouting the teacher’s home address.

Another school in the same state reported the appearance of an unknown person with swastika tattoos.

Using the hashtag ‘zoombombed,’ social media users have testified that they suddenly saw pornographic or racist images on their screens while using the app.

The FBI recommended that Zoom users make all meetings private and avoid screen sharing to combat would-be hackers.

Internet trolls have also hijacked Alcoholics Anonymous video conference calls and shouted slurs, made misogynistic comments and taunted members about the taste of alcohol.

The AA meeting for the New York Inter-Group Association, the regional division of the national organization, has been meeting remotely for the past week using the software Zoom to have video meetings in light of the coronavirus lockdown, which bans large gatherings.

During Tuesday’s meeting the members suddenly heard a man’s voice interject, shout anti-Semitic slurs and insensitive references to drinking, and boast, ‘Alcohol is soooo good’, one group participant said, according to Business Insider.

WHAT IS SOCIAL DISTANCING?

Social distancing is a term used by health authorities to help slow the spread of coronavirus by keeping an appropriate distance between people.

Australian health authorities recommend at least 1.5 metres between each person at all times.

This is because coronavirus can be transmitted by: 

  • Coughing
  • Sneezing
  • Being in the same space for a long period 
  • Touching the same surface 

Social distancing also refers to limiting physical contact with each other as much as possible which has led to authorities encouraging people to work from home, avoid crowded spaces and public transport as much as possible.

Source: Australian Department of Health

 


