comscore Zoom for Windows can leak Windows login details | BGR India
News

Zoom for Windows can leak Windows login details to hackers; details

Digging deeper, the researcher revealed that the Zoom Windows app “is vulnerable to UNC path injection” attack in the chat feature. Let's take a closer look at the problem.

  • Published: April 1, 2020 3:31 PM IST
Zoom video calling service logo

Coronavirus has changed the job landscape across the world with a majority of employees working from home. This shift has also assisted in the rise of new workflows and new tools for work from home. One of the most popular tools around is “Zoom”, a video conferencing service based out of the United States. The app has filled the void for a quality video conferencing app beyond the existing options. In fact, the service has managed to enter the mainstream as an increasing number of casual users are using Zoom. This has pushed the app from a formal corporate setting to the living room. The service is somewhat different than Skype, Google Duo, and WhatsApp video calling. However, a new report just surfaced online highlighting a security flaw in the service. Let’s check all the details here. Also Read - Zoom iOS app sent data to Facebook even if users didn't have an account

Zoom for Windows security flaw details

According to a report from Bleeping Computer, a security researcher has just discovered a serious security flaw in the Windows app. Digging deeper, the researcher revealed that the Zoom Windows app “is vulnerable to UNC path injection” attack in the chat feature. This flaw “could allow” hackers to steal Windows login details. It is worth noting that as part of the attack, the hacker needs to send a link in the chat. In addition, a Zoom user with the Windows app needs to click the link. Also Read - Redmi K30 Pro Zoom Edition with 12GB RAM + 512GB storage option spotted online

Watch: Top 5 smartphones under Rs 20000

The researcher added that the Zoom Windows app converts “Windows networking UNC paths” into clickable links in the chat. Windows will attempt to connect to the remote website using the SMB file-sharing protocol after the user clicks the link. During this process, Windows will also send the user login information to the website. Hackers can use free tools such as Hashcat to reveal the password on their end. Also Read - How to change virtual background on Zoom during your video conferences

In addition, the report also noted the ease of the dehashing process. A hacker can get the actual password in seconds if not minutes depending on the complexity. The report has also outlined steps to bypass this issue. Beyond this, the security researcher revealed that he has notified Zoom regarding this flaw. Though the company has not issued any statement at the time of writing, it is likely to roll out an update to fix the issue.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: April 1, 2020 3:31 PM IST



new arrivals in india

Samsung Galaxy M51
Samsung Galaxy M51

24,999

Poco M2
Poco M2

10,999

Oppo F17 Pro
Oppo F17 Pro

22,990

Realme 7 Pro
Realme 7 Pro

19,999

Realme 7
Realme 7

14,999

Xiaomi Redmi 9A
Xiaomi Redmi 9A

6,799

Vivo Y20
Vivo Y20

12,990

Xiaomi Redmi 9
Xiaomi Redmi 9

8,999

Nokia 5.3
Nokia 5.3

13,999

Motorola Moto G9
Motorola Moto G9

11,499

Realme C15
Realme C15

9,999

Realme C12
Realme C12

8,999

Samsung Galaxy Note 20
Samsung Galaxy Note 20

77,999

Xiaomi Redmi 9 Prime
Xiaomi Redmi 9 Prime

9,999

Oppo Reno4 Pro
Oppo Reno4 Pro

34,990

Samsung Galaxy M01 Core
Samsung Galaxy M01 Core

5,499

Realme 6i
Realme 6i

12,999

Asus Rog Phone 3
Asus Rog Phone 3

49,999

OnePlus Nord
OnePlus Nord

24,999

Infinix Smart 4 Plus
Infinix Smart 4 Plus

7,999

Xiaomi Redmi Note 9
Xiaomi Redmi Note 9

11,999

Samsung Galaxy M01s
Samsung Galaxy M01s

9,999

Vivo X50 Pro 5G
Vivo X50 Pro 5G

49,990

Vivo X50 5G
Vivo X50 5G

34,990

Realme C11
Realme C11

7,499

Poco M2 Pro
Poco M2 Pro

13,999

Realme X3
Realme X3

24,999

Realme X3 SuperZoom
Realme X3 SuperZoom

27,999

Tecno Spark Power 2
Tecno Spark Power 2

9,999

Oppo A12
Oppo A12

9,990

Oppo A52
Oppo A52

16,990

Samsung Galaxy A21s
Samsung Galaxy A21s

15,999

Oppo Find X2
Oppo Find X2

64,990

Motorola One Fusion Plus
Motorola One Fusion Plus

17,499

Samsung Galaxy A31
Samsung Galaxy A31

20,999

Samsung Galaxy M01
Samsung Galaxy M01

8,999

Samsung Galaxy M11
Samsung Galaxy M11

10,999

Infinix Hot 9 Pro
Infinix Hot 9 Pro

9,999

LG Velvet
LG Velvet

Price Not Available

Xiaomi Mi Note 10 Lite
Xiaomi Mi Note 10 Lite

Price Not Available

Apple iPhone SE 2020
Apple iPhone SE 2020

42,500

Honor 30 Pro
Honor 30 Pro

Price Not Available

Honor 30
Honor 30

Price Not Available

OnePlus 8
OnePlus 8

44,999

OnePlus 8 Pro
OnePlus 8 Pro

54,999

Xiaomi Redmi Note 9 Pro
Xiaomi Redmi Note 9 Pro

13,999

Motorola Moto E4
Motorola Moto E4

8,999

Samsung Galaxy On Max
Samsung Galaxy On Max

9,775

nubia N2
nubia N2

15,999

Karbonn K9 Kavach 4G
Karbonn K9 Kavach 4G

5,290

Motorola Moto C Plus
Motorola Moto C Plus

6,999

Best Sellers