Video conferencing services, including Zoom, have become increasingly popular since many more employees are working remotely. Users of the Zoom Windows client’s chat feature need to be cautious about clicking on links.
Attackers also have to participate in the Zoom call and must convince other participants to click a link sent through a chat message in order to use this attack method, which limits the potential impact of this technique.
This issue lies in the fact that the Zoom client converts Windows networking Universal Naming Convention (UNC) paths into clickable links. If such a link is clicked, Windows will try to connect to the remote site using the Server Message Block (SMB) network file-sharing protocol, and by default Windows will send the user’s login name and NT LAN Manager (NTLM) password hash. If the attacker controls the remote server, they can capture the password hash when it is sent.
Although the password is hashed, it can still be cracked, especially if the password uses common dictionary words. Bleeping Computer has reached out to Zoom, but no response has been given yet.
Users need to be cautious about clicking on links in Zoom chat. A security researcher has found that attackers can use the Zoom Windows client’s group chat feature to share links that will leak the Windows network credentials of anyone who clicks on them.
Zoom is under extra scrutiny as usage of the video conference app has surged during the coronavirus COVID-19 outbreak.
With so many people working from home, the group chat feature is widely used: it lets users send messages to other participants in a meeting and converts URLs into hyperlinks so the recipient can open a web page in a browser. The Zoom client not only converts normal URLs into clickable links but also Windows networking Universal Naming Convention (UNC) paths.
Hickey says Zoom's fix should involve not rendering UNC paths as hyperlinks.
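One way a chat client could apply the fix Hickey describes, written here as an added example that is not Zoom's code: render http(s) URLs as hyperlinks, but emit anything that looks like a UNC path as HTML-escaped plain text so a click can never trigger an SMB connection. The regular expressions and the `linkify` function are assumptions of this example, not part of any real client.

```python
import html
import re
from typing import List, Tuple

# Windows UNC path: two leading backslashes, a host name or IP address,
# then zero or more backslash-separated components, e.g. \\host\share\file
UNC_RE = re.compile(r'^\\\\[^\\\s]+(?:\\[^\\\s]*)*$')
# Ordinary web URLs that a chat client legitimately renders as hyperlinks.
URL_RE = re.compile(r'^https?://[^\s<>"\']+$')


def is_unc_path(token: str) -> bool:
    """True for Windows UNC paths; a client must not render these as links."""
    return UNC_RE.match(token) is not None


def linkify(message: str) -> Tuple[str, List[str]]:
    """Render a chat message as HTML.

    http(s) URLs become <a> elements. Everything else, UNC paths included,
    is emitted as HTML-escaped text, so clicking the message can never make
    Windows open an SMB connection and send the user's NTLM hash.
    Returns (rendered_html, unc_paths_seen) so the client can also log or
    warn about UNC paths that arrive in chat.
    """
    rendered: List[str] = []
    unc_seen: List[str] = []
    for token in message.split(' '):
        safe = html.escape(token, quote=True)
        if URL_RE.match(token):
            rendered.append(f'<a href="{safe}">{safe}</a>')
        else:
            if is_unc_path(token):
                unc_seen.append(token)
            rendered.append(safe)
    return ' '.join(rendered), unc_seen


if __name__ == '__main__':
    # Constructed sample message: one legitimate URL and one UNC path.
    sample = r'slides at https://example.com/deck and notes at \\10.0.0.5\share\notes.txt'
    out, unc = linkify(sample)
    print(out)
    print('UNC paths blocked from linking:', unc)
```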