Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Thursday that they helped the maker of the popular Zoom video conferencing software find and fix a security issue that could have led to successful phishing attempts.
Phishing is a fraudulent attempt to obtain sensitive information or data, such as usernames, passwords or credit card details, by criminals disguising themselves as trustworthy entities in electronic communications with the victims; the criminals send victims links that direct them to fake websites where they are asked to enter personal information.
The lockdowns imposed globally by the coronavirus pandemic have led to a surge in the use of the Zoom videoconferencing platform, with usage soaring to over 300 million daily participants in meetings in April from 10 million in December 2019.
But this explosive growth in the use of the software has brought cyber-criminals in its wake, said researchers at the cybersecurity firm, who worked with Zoom Video Communications to improve the security of the platform after they found the flaw.
“The explosive growth in Zoom usage has been matched by an increase in new domain registrations with names including the word ‘Zoom,’ indicating that cyber-criminals are targeting Zoom domains as phishing bait to lure victims,” wrote Adi Ikan, Liri Porat and Ori Hamama in a blog post of the Israeli firm. “We have also detected malicious files impersonating Zoom’s installation program.”
The current flaw was found in Zoom’s Vanity URL, which allows organizations to create a customized version of Zoom’s invitation links — so instead of the standard Zoom link the person gets one with the organization’s name and logo in it.
Prior to Zoom’s fix, the flaw would have allowed an attacker to impersonate an organization’s Vanity URL link, and even the firm’s logo, and send invitations that appeared to come legitimately from the organization in order to trick a victim.
An additional flaw allowed attackers to access the official websites that companies set up with Zoom to hold their meetings. Hackers could then have invited victims to meetings by sending links from these websites. Thus, when a victim clicks “join” to enter a meeting and is prompted to enter the meeting ID, they would have no way of knowing that the invitation did not actually come from the legitimate organization, the researchers said.
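As an added defensive illustration, not part of the Check Point or Zoom material, the following Python function classifies a meeting link before a user clicks it: only `<org>.zoom.us` hosts on an organization’s own allowlist are treated as trusted, a genuine `*.zoom.us` host with an unknown org prefix is flagged separately, and any host that merely contains the word “zoom” is flagged as a lookalike, the domain-registration pattern the researchers describe. The allowlist entry `acme-corp` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist of vanity prefixes the organization actually issued
# (assumption for this example; an organization would maintain its own list).
TRUSTED_ORGS = {"acme-corp"}

ZOOM_APEX = "zoom.us"


def classify_zoom_link(url: str, trusted_orgs=TRUSTED_ORGS) -> str:
    """Classify a meeting link before it is opened.

    Returns one of:
      'official'         - zoom.us itself, no vanity prefix
      'trusted-vanity'   - <org>.zoom.us where <org> is on the allowlist
      'untrusted-vanity' - a real *.zoom.us host whose prefix is not allowlisted
      'lookalike'        - a host that only contains 'zoom' (e.g. zoom-us.example)
      'not-zoom'         - anything else
    """
    url = url.strip()
    if "://" not in url:          # bare 'acme-corp.zoom.us/j/1' as pasted in chat
        url = "https://" + url
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lowercases, so
    # 'https://zoom.us@evil.example' yields 'evil.example', not 'zoom.us'.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "not-zoom"
    if host == ZOOM_APEX:
        return "official"
    suffix = "." + ZOOM_APEX
    if host.endswith(suffix):
        org = host[: -len(suffix)]
        # A vanity host is exactly one label deep; 'a.b.zoom.us' is not trusted.
        if "." in org:
            return "untrusted-vanity"
        return "trusted-vanity" if org in trusted_orgs else "untrusted-vanity"
    # Check the raw netloc so 'zoom.us@evil.example' and 'zoom.us.evil.example'
    # are both caught as brand-abusing lookalikes.
    if "zoom" in parts.netloc.lower():
        return "lookalike"
    return "not-zoom"
```

Only a link in the `official` or `trusted-vanity` class deserves the benefit of the doubt; the meeting ID and host should still be confirmed out of band, as Zoom’s own advice suggests.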
“There are many relevant day-to-day scenarios that could potentially have been leveraged using this impersonation method, which could have resulted in a successful phishing attempt,” the researchers wrote. “For example, an attacker could have introduced themselves as legitimate employees in the company, sending an invitation from an organization’s Vanity URL to relevant customers in order to gain credibility. This activity could have then been leveraged to stealing credentials and sensitive information, as well as other fraud actions.”
In an emailed comment, Zoom said: “Zoom has addressed the issue reported by Check Point and put additional safeguards in place for the protection of its users. Zoom encourages its users to thoroughly review the details of any meeting they plan to attend prior to joining, and to only join meetings from users they trust. We appreciate Check Point notifying us of this issue. If you think you’ve found a security issue with Zoom products, please send a detailed report to firstname.lastname@example.org.”
In January this year, Check Point researchers said hackers could potentially identify and join active meetings to which they weren’t invited, prompting Zoom to quickly introduce a number of fixes that ensured such attacks are no longer possible.
Check Point researchers have also issued guidelines on how to use Zoom safely.