Zoom, the popular video conferencing application, has suddenly become essential for internet users, thanks to the Corona pandemic and the lockdowns around the globe that followed.
However, it has its own fallout that has jeopardized its users' security and privacy.
According to the findings of cyber security expert @_g0dmode, the Zoom video conferencing software for Windows is exposed to a classic 'UNC path injection' vulnerability that could allow remote attackers to steal victims' Windows login credentials and even execute arbitrary commands on their systems.
This is because Zoom for Windows supports remote UNC paths: when a message in a personal or group chat contains such a path, the client converts the potentially insecure URI into a clickable hyperlink for the recipient.
The attack works as follows.
It relies on the SMB relay technique, which exploits the fact that Windows automatically exposes the user's login username and NTLM password hashes to a remote SMB server when attempting to connect to it and download a file hosted there.
To steal a targeted user's Windows login credentials, all an attacker needs to do is send a crafted UNC path (e.g., \\x.x.x.x\abc_file) to the victim via the chat interface.
Once the link is clicked, Windows connects to the attacker-controlled SMB share, which automatically captures the authentication data without the targeted user's knowledge.
The flaw can also be used to launch any program already present on the targeted computer, or to execute arbitrary commands, compromising it remotely.
This is possible because browsers running on Windows automatically save downloaded files to a default folder, which can be abused to first trick the user into downloading a batch script and then trigger it through the Zoom bug.
Until a patch for the security flaw is available, users are advised either to use alternative video conferencing software such as Skype, or to run Zoom in a web browser instead of installing the dedicated client app on their systems. Windows users can also change their security policy settings to prevent the operating system from automatically passing their NTLM credentials to a remote SMB server, in addition to using a strong password.
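The policy change mentioned above, as an added example that is not part of the original article: the script below reads and sets the Windows client policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" through its registry value, audits first, and only then enforces. It assumes an elevated PowerShell session on a Windows 10 client; the function names are the example's own.

```powershell
# Added example (not from the article): inspect and harden the policy
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
# Run from an elevated PowerShell session. Values: 0 = Allow all, 1 = Audit all, 2 = Deny all.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'RestrictSendingNTLMTraffic'

function Get-OutgoingNtlmPolicy {
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue
    $raw   = $props.$ValueName
    if ($null -eq $raw) { return 'Not configured (defaults to Allow all)' }
    switch ($raw) {
        0       { 'Allow all' }
        1       { 'Audit all' }
        2       { 'Deny all' }
        default { "Unknown value $raw" }
    }
}

function Set-OutgoingNtlmPolicy {
    param([ValidateSet(0, 1, 2)][int]$Mode)
    if (-not (Test-Path $LsaKey)) { New-Item -Path $LsaKey -Force | Out-Null }
    New-ItemProperty -Path $LsaKey -Name $ValueName -Value $Mode -PropertyType DWord -Force | Out-Null
}

# Step 1: report the current state before changing anything.
"Current policy: $(Get-OutgoingNtlmPolicy)"

# Step 2: switch to Audit first. Audit mode records every outgoing NTLM authentication
# that Deny mode would block, so legitimate dependencies (for example non-domain file
# servers) can be found before enforcement breaks them.
Set-OutgoingNtlmPolicy -Mode 1

# Step 3: review the audit trail. The Microsoft-Windows-NTLM/Operational log must be
# enabled; event ID 8001 records outgoing NTLM traffic to a remote server that would be blocked.
Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8001 |
    Select-Object TimeCreated, Message -First 20

# Step 4: once the audit shows nothing that still needs NTLM, enforce Deny all. With this
# setting, clicking a UNC link such as \\x.x.x.x\abc_file no longer makes Windows send
# the user's NTLM credentials to an unknown server. Servers that legitimately need NTLM
# can be listed in the companion policy "Add remote server exceptions for NTLM authentication".
# Set-OutgoingNtlmPolicy -Mode 2
```

Deny all also blocks NTLM to legitimate workgroup or non-domain shares, so keep the audit period long enough to catch infrequent users before uncommenting the final step.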
ISOEH is the organization that teaches the latest ethical hacking techniques.