Yet Another Zoom Vulnerability


Ever since COVID-19 disrupted the business world, Zoom Video Conferencing has become the lifeblood of many organizations seeking to stay connected. Unfortunately, it has also become an easy target for bad actors looking to take advantage of simple vulnerabilities. First, Zoom-Bombing took the world by storm, and now a new vulnerability has emerged.

Largely as a result of Zoom-Bombing, all meetings are now secured by a 6-digit numeric password meant to keep unauthorized users out. Unfortunately, a vulnerability was discovered in the Zoom web client which allows users to guess passwords without a limit on failed attempts. Using 6-digit passwords, there are only 1 million possible combinations. This means that an attacker could break through with a brute-force approach in only minutes.
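The control missing here is a limit on failed attempts. The sketch below is an added example, not Zoom's code or part of the original post, showing a server-side passcode check that enforces one; the class name, the 5-failures-per-15-minutes policy and the sample meeting data are assumptions.

```python
import hmac
import time

MAX_FAILURES = 5       # assumed policy: wrong guesses allowed per window
WINDOW_SECONDS = 900   # assumed policy: length of the counting window


class PasscodeGate:
    """Server-side passcode check with a per-meeting failure limit."""

    def __init__(self, passcodes, clock=time.monotonic):
        self._passcodes = passcodes   # meeting_id -> passcode (constructed data)
        self._failures = {}           # meeting_id -> (count, window_start)
        self._clock = clock

    def check(self, meeting_id, guess):
        now = self._clock()
        count, start = self._failures.get(meeting_id, (0, now))
        if now - start >= WINDOW_SECONDS:
            count, start = 0, now     # window expired, start counting again
        if count >= MAX_FAILURES:
            return "locked"           # rejected before any comparison happens
        expected = self._passcodes.get(meeting_id)
        if expected is not None and hmac.compare_digest(
                expected.encode(), guess.encode()):
            return "ok"               # success does not clear recorded failures
        # Counted per meeting, not per client, so spreading guesses across
        # many source addresses does not raise the total guess budget.
        self._failures[meeting_id] = (count + 1, start)
        return "denied"


def worst_case_days(keyspace, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Days needed to try every passcode when the limit is enforced."""
    return keyspace / max_failures * window / 86400
```

Under this assumed policy, trying all 1 million 6-digit passwords would take roughly 2,083 days rather than minutes.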

Many recurring meetings do not generate new passwords, so an attacker gaining access once could potentially sit in on your weekly meetings. Transitioning to remote work has led to many organizations regularly discussing sensitive information on Zoom calls. It is important to be proactive in your video conferencing security to minimize the likelihood of falling victim to another Zoom error.

Here are some simple steps you can take to increase security:

  • Create a waiting room and require host acceptance to enter a meeting
  • Manually set stronger passwords on sensitive meetings
  • Do not reuse passwords for multiple meetings
  • Lock meetings once they begin

For more information on Zoom passwords, use this guide from the company on setting and strengthening requirements.

To take control of your firm’s cybersecurity and protect against COVID-related cyberthreats, call Helical today!

Tags: #IT_security_needs #Remote_workforce
