Zoom, the popular video-conferencing app, used to have security flaws that could allow hackers to listen in on video calls unnoticed, according to a report from cybersecurity firm Check Point Research. A hacker would also be able to access any files shared during the call. The vulnerabilities described in the report have already been mitigated by Zoom.
Only a four percent success rate — Zoom uses randomly generated calling codes, varying from 9 to 11 digits in length, that become an address by which users can connect to a call. Check Point’s research team was able to use an algorithm to discover Zoom’s active calling codes with about four percent accuracy. Then they were able to join some of these calls unannounced.
Most video conferencing software doesn’t use calling codes in the way Zoom does, but this case should serve as a reminder that similar companies need to take extra care when securing their platforms.
Good news: users can’t be targeted — According to Check Point’s report, the firm wasn’t able to connect to a specific user’s meeting in their tests. Rather, only random chat rooms could be joined using the vulnerability. This means it would be very difficult for someone to hack into a specific Zoom chat and steal information. Paired with the low success rate of actually finding an open call, the probability of this vulnerability being used is pretty low.
It’s long been fixed — Check Point addressed the vulnerability with Zoom back in August, and the company put fixes in place right away. You can no longer scan for random call numbers in the way Check Point did in its tests. A Zoom spokesperson said security for its users is always the company’s top priority.