Coronavirus has changed the job landscape across the world with a majority of employees working from home. This shift has also assisted in the rise of new workflows and new tools for work from home. One of the most popular tools around is “Zoom”, a video conferencing service based out of the United States. The app has filled the void for a quality video conferencing app beyond the existing options. In fact, the service has managed to enter the mainstream as an increasing number of casual users are using Zoom. This has pushed the app from a formal corporate setting to the living room. The service is somewhat different than Skype, Google Duo, and WhatsApp video calling. However, a new report just surfaced online highlighting a security flaw in the service. Let’s check all the details here. Also Read - Zoom iOS app sent data to Facebook even if users didn't have an account
Zoom for Windows security flaw details
According to a report from Bleeping Computer, a security researcher has just discovered a serious security flaw in the Windows app. Digging deeper, the researcher revealed that the Zoom Windows app “is vulnerable to UNC path injection” attack in the chat feature. This flaw “could allow” hackers to steal Windows login details. It is worth noting that as part of the attack, the hacker needs to send a link in the chat. In addition, a Zoom user with the Windows app needs to click the link. Also Read - Redmi K30 Pro Zoom Edition with 12GB RAM + 512GB storage option spotted online
Watch: Top 5 smartphones under Rs 20000
The researcher added that the Zoom Windows app converts “Windows networking UNC paths” into clickable links in the chat. Windows will attempt to connect to the remote website using the SMB file-sharing protocol after the user clicks the link. During this process, Windows will also send the user login information to the website. Hackers can use free tools such as Hashcat to reveal the password on their end. Also Read - How to change virtual background on Zoom during your video conferences
In addition, the report also noted the ease of the dehashing process. A hacker can get the actual password in seconds if not minutes depending on the complexity. The report has also outlined steps to bypass this issue. Beyond this, the security researcher revealed that he has notified Zoom regarding this flaw. Though the company has not issued any statement at the time of writing, it is likely to roll out an update to fix the issue.