Flaw in Zoom allowed intruders to illegally eavesdrop on meetings


A hack that let intruders eavesdrop on meetings over Zoom Video Communications Inc., the popular video-conferencing service used by more than 60% of the Fortune 500, has been detected and resolved.

Check Point Software Technologies Inc., which made the discovery and worked with Zoom to fix it, announced the flaw early Tuesday.

Cyber-intruders were able to illegally join Zoom meetings by generating a list of Zoom Meeting IDs, validating the existence of each meeting ID, and connecting to the meeting, according to Check Point. Once inside the virtual meeting, they were able to access all audio, video, and documents shared.

“It’s a form of Zoom roulette,” Yaniv Balmas, head of cyber research at Check Point, said in an email statement. “Here, a hacker could have drafted a large number of Zoom meeting IDs and enter in as a normal participant. We recommend everyone update to the latest version of Zoom.”

Check Point first notified Zoom of the vulnerability on July 22, 2019, as part of a standard responsible disclosure process. Check Point subsequently worked with Zoom to issue a series of fixes and new functionality to patch the security holes. Zoom subsequently introduced security features such as default passwords, password additions, and a device blocker.

For Zoom, whose wildly successful initial public offering in 2019 propelled it to a current market valuation of $20.2 billion, the flaw is a sobering disclosure. The service reaches more than 74,000 customers who consume 80 billion meeting minutes a year. More than 96% of the top 200 U.S. universities use Zoom.
