Its increasing popularity has brought a new set of challenges for video calling platform Zoom. The app has been slammed for its lack of user privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts. Now, it has been alleged that the platform is also prone to hacking.

According to a report by The Hacker News, the app is prone to hacking, with an unpatched bug that can let hackers steal users' Windows password. The "Zoom client for Windows" is vulnerable to the "UNC path injection" vulnerability that could let remote attackers steal login credentials for victims' Windows systems, the report claims.

It has also been confirmed by researchers Matthew Hickey and Mohamed A. Baset, the report said late Wednesday.

How can the data be hacked?

The Zoom app allows 50 people to join a video conversation in its basic plan. It is the only app in the world right now which allows more than 10 people to video call at the same time. The hackers are using the "SMBRelay technique", wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote server when attempting to connect to it and download a file hosted on it.

"The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat," the report claimed.

Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.
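The mitigation implied by the report, shown as an added example that is not code from Zoom or from the report: a chat renderer that turns only http(s) URLs into hyperlinks and flags UNC-style tokens instead of making them clickable. It goes slightly beyond the page by also treating forward-slash UNC forms and `file:` URLs as UNC references; the function names and host names are constructed for illustration.

```python
import html
import re

# Only these schemes may become clickable links in a rendered chat message.
SAFE_SCHEMES = ("http://", "https://")

# UNC reference: two slashes or backslashes followed by a host name,
# e.g. \\server\share\file (Windows also accepts //server/share/file).
UNC_RE = re.compile(r"^[\\/]{2}[^\\/\s]+")


def classify_token(token):
    """Return 'link', 'unc' or 'text' for one whitespace-delimited token."""
    bare = token.lstrip("(<[\"'")  # ignore opening punctuation around a path
    if UNC_RE.match(bare) or bare.lower().startswith("file:"):
        return "unc"
    if bare.lower().startswith(SAFE_SCHEMES):
        return "link"
    return "text"


def render_message(message):
    """Linkify allowlisted URLs only; return (html_text, flagged_tokens)."""
    out, flagged = [], []
    for token in message.split():
        kind = classify_token(token)
        safe = html.escape(token, quote=True)
        if kind == "link":
            out.append(f'<a href="{safe}">{safe}</a>')
        else:
            if kind == "unc":
                flagged.append(token)  # report for logging or a user warning
            out.append(safe)           # rendered as inert text, never a link
    return " ".join(out), flagged


# Constructed sample chat messages (not taken from the report).
SAMPLE_MESSAGES = [
    r"notes are at \\files.example.test\share\notes.txt",
    "agenda: https://example.test/agenda?id=1&v=2",
    "mirror: file://files.example.test/share/notes.txt",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        rendered, flagged = render_message(msg)
        print(rendered, "| flagged:", flagged)
```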

What has Zoom done?

The report says that Zoom has been notified of this bug but the flaw is yet to be fixed.

"Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app," it said.