Every application and external hardware that can link up to our mobile devices and computers seems to need access to our cameras and microphones. While this doesn’t sit well with a lot of the world (those who keep tape and sticky notes over their built-in cameras), some don’t seem to mind at all.
But as time goes on we’re increasingly finding out, they should.
Just recently it was discovered that the videoconferencing platform Zoom had a vulnerability that could have potentially allowed a third party (hacker) to access the call while unseen by those meeting. This hacker would have access to not only cameras and microphones, but files shared during the call.
The unique identifiers for Zoom calls (between 9 and 11 digits) are “used by participants as a kind of address to locate and join a specific call,” and researchers found they were able to predict which addresses represented valid meetings (around 4% of the time).
Researchers also discovered they could join these meetings.
Yaniv Balmas, head of cyber research at Check Point described it as a “Zoom roulette,” and explained “the implications would be, if you’re having a video chat and have multiple members joining, you may not notice if someone who isn’t supposed to be there is sitting there listening to you.”
The potential increases as the number of attendees increases, which in Zoom’s case, can accommodate “tens of thousands” in one meeting.
Zoom responded quickly to the security flaw once advised and has since increased the number of digits in meeting ID numbers and made them “cryptographically stong[er],” as well as adding passwords for future meetings.
This should help those using Zoom feel more at ease while sharing important documentation and discussing financial or personal information.
Although the vulnerability allowing third party unauthorized access has been addressed, it still begs the question, how many other conferencing applications can be hacked? Balmas warns that “any videoconferencing platform has inherent risks, even if users take necessary safety precautions.”
Unfortunately, we’ll have to wait for security companies like Check Point Research, who discovered the security flaw in Zoom’s platform, to identify vulnerabilities in any other widely used applications.
Until then, be vigilant about who enters an online chat or conference call, screening all members to effectively eliminate unwanted eyes and ears. Be aware that although a vulnerability may not yet be discovered in the application you’re using, it doesn’t mean one doesn’t exist.
If you need assistance with cybersecurity services contact DarkHound at [email protected].
– Emmy Seigler
Image Source: https://unsplash.com/s/photos/conference-call