It’s hard to imagine working in the 21st century without video conferencing apps. They’re crucial for long-distance meetings and make it easier to conduct business in a globally connected world.
In fact, conference call apps are just one of many tools in a modern worker’s digital toolkit. Between calendar apps and document scanners, it’s never been easier to get work done on the go.
But sometimes the tools we rely on can lead us to trouble — especially if they’re compromised in some way. In fact, security researchers discovered a critical bug in a popular video chat program that lets hackers eavesdrop on conversations. If you or your business use this app, you need to update immediately.
Security flaw makes Zoom vulnerable to eavesdropping
Analysts at cybersecurity firm Check Point Research discovered a startling bug in the popular video conference app Zoom. If exploited, a hacker (or anyone with basic computer know-how and a random number generator) could peek into a private meeting and eavesdrop without being stopped by the software.
The vulnerability lies in the way Zoom protects calls and meetings with passwords. Ordinarily, Zoom generates a 9, 10 or 11-digit passcode for meeting participants to use. This helps them connect, and keeps outsiders out.
Unfortunately, Zoom’s passcode algorithm is not as cryptographically sound as developers assumed. To test its theory, Check Point used automated software to brute force the passcode.
Additionally, a random number generator was able to correctly guess the passcode of a meeting with an accuracy rate of 4%. This was even easier than the brute force, and the success rate is too high to be considered safe.
In response to these findings, Check Point reported the issue to Zoom back in July of 2019, and the findings are just now being released to the public. This is done on purpose, to avoid the risk of hackers exploiting the bug before companies can find a fix.
How can I protect my system?
Thankfully, Zoom implemented the changes suggested by Check Point, and they already released a patch in their latest software update. If you haven’t recently updated Zoom, visit the company’s download page for a fresh copy.
Make sure to select the correct option for your device. If you use Zoom on a phone or tablet, scroll down and select the download for the appropriate system.
This is yet another example of companies and security researchers working in tandem to stop the bad guys before they have a chance to act. We can only hope companies continue to address cybersecurity risks with the attention they deserve.