Researchers Michael Strametz and Matthias Deeg of the security firm SySS have issued an alert about a rather curious security flaw identified in the Zoom videoconferencing platform. The experts found that the software has a bug in its screen sharing feature, which is widely used by users of the service, that can be exploited to steal confidential information, or simply leave the host of a meeting in an uncomfortable situation.
What happens is the following: when the user clicks the button to share their screen, Zoom offers the options of sharing the entire display, a specific area of the monitor, or just a single application window. With this third option, the program displays, for a fraction of a second, other windows that may be opened or closed by the host. Such content may contain credentials, sensitive files, intellectual property or simply personal photos of the user.
Of course, we are talking about a flaw that is difficult to exploit. First, the malicious actor needs to be attending the meeting and recording everything that happens in it. Only afterwards could the attacker rewind the recording to the moment the unintended window appeared on the screen, pause the video and extract any sensitive information that might be there. This is a malicious-insider risk, that is, an employee interested in carrying out corporate espionage.
The problem is that this bug seems to be quite old and, even after the researchers’ notification, Zoom has not yet fixed it in the most recent build of the software (5.5.4). The company promised Threatpost that it would work on a fix, but did not give dates. In the meantime, it’s worth paying attention to the windows open on your desktop while giving a Zoom presentation.
Source: Tom’s Guide