Perhaps most famously, Zoom’s software contained weaknesses that resulted in “zoombombing” – a practice where uninvited guests entered private meetings to harass participants and snoop into people’s homes. It was accused of selling people’s personal data, invading people’s privacy with an “attendee tracking” feature, and failing to address countless vulnerabilities that could be exploited by cyber criminals. The platform soon faced a public backlash regarding its poor security practices. The video conferencing software was suddenly everywhere, being used to host work meetings, family gatherings and inevitable trivia nights. When COVID-19 took over our lives in early 2020, it was accompanied by the unstoppable force of Zoom. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol.” Zoom back in the headlines If the specific message is sent, an attacker could trigger clients into connecting to a man-in-the-middle server that presented a version of the Zoom client from 2019.Īccording to Google Project Zero security researcher Ivan Fratric, who discovered the vulnerabilities: “User interaction is not required for a successful attack. This is possible if criminal hackers send a specially crafted XMPP (Extensible Messaging and Presence Protocol) message and executing malicious code. The video conference platform Zoom has disclosed four new software vulnerabilities that expose users to cyber attacks.Ĭyber security researchers found that the vulnerabilities can be used to compromise users over the platform’s chat function.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |