The COVID-19 pandemic has cost us our daily normal life routine. Everyone is under lockdown now. But telecom network company, Zoom has made sure that life goes on. Employees are working remotely and attending live conferences using Zoom. If you too are working from home in this COVID-19 pandemic, you also might be using Zoom.
In its nature, it is very much equivalent to FaceTime, but it is meant for professional and business use. But this also means that it has some special features like chat boxes, collaborating online and other features which make it a handy tool for remote work.
But Windows users might have a big problem while using Zoom, warns FBI. IT specialists have seen a problem with Zoom’s ability to share links. It is now possible for malicious attackers to capture credentials from users and even access their camera. This is a big point in Zoom’s security issues.
I mean, the problem of third parties *openly* sneaking into Zoom meetings is so pervasive that the FBI’s Boston field office has warned of “zoom bombing” in classrooms https://t.co/8M8bWbXRdK
— Thomas Rid (@RidT) April 1, 2020
How Hackers steal user Credentials using Zoom?
In fact, the software is experiencing a number of security issues at the moment, and truthfully it doesn’t matter if you use Windows or macOS. Security measures are important in both.
While the company is still working on its security issues, you should know how this happens. Users can text in the chatbox simultaneously while video conferencing. Now in this text URLs can be present. These URLs are converted into a hyperlink by the software. When someone clicks on the hyperlink they land on the page directly. Now, the thing is Windows UNC paths also convert to such hyperlinks. This may not seem a problem at first.
But when the hackers click on it they automatically get your Windows user credentials. It includes your login id and NTLM password hash. This information can be decoded using any number of free online decoding tools.
Many white hat hackers have spotted this. Users are still not to share any links on Zoom. To be safe on the internet never make your calls public. Keep your contact list updated. Also do not share any link on zoom.