If there is a series of applications that succeed these days in which a good part of the world’s population anda confined at home, are those that allow contact with friends and family without having to leave home. Have shot the video in WhatsApp, the use of Hangouts, apps like House Party (recently newsand Zoom, while it has also targeted to teleworking.
And if before with House Party we were referring to the controversy sparked by an alleged hacking that the company deniesnow is Zoom which is located under the magnifying glass by a security breach that has been exposed to. A failure that could facilitate a user to join a video call without our permission.
Hello, my name is Edu, how are you?
With the crisis of the COVID-19, Zoom has grown dramatically, and many are those who have discovered it as a client for video calls multiple easy-to-use. A tool which has nevertheless seen as you may be the victim of an attacker that put at risk our privacy.
Discovered by @_g0dmodethe security gap has its starting point in the application of Zoom for Windows 10. A hacker could access the data access, user name and password of the Windows, so you can initiate video calls without the user has given you permission. The key is in the UNC paths in the chat.
To make use of some of these links, the application tries to connect remotely using the SMB protocol, at which time Windows sends the access data to the person who has used them in the link. You only need to decrypt the password, something not too difficult, if you possess some basic knowledge or are looking for the network.
This can cause a user oblivious to the conversation can become part of the same and put at risk the privacy and safety of our environment.
The company responsible for the Zoom already is aware of the problem and works
in a solution that avoid the problem with the conversation in the links of the routes of call. While the solution arrives, the network administrators can disable the automatic sending of credentials for logins, although this may pose some problems.
to do so have access to the “computer Configuration” and “Windows Settings” security Settings”. Search for the section “security Options” and inside go to “network Security: restrict NTLM: traffic NTLM outbound to remote servers” where you should mark the option “Deny all”.
Another solution for users is to modify the value in the registry at the path HKEY_LOCAL_MACHINELOCALMACHINESYSTEMCurrentControlSetControlLsaMSV1_0 and add a value called RestrictSendingNTLMTraffic, which will give the value 2.
Zoom again be under the microscope, because we have to remember that some days ago it came to light that the app ZOOM in iOS sent data analytics of users to Facebook, although they didn’t have social network account.
Via | Bleeping Computer
it was originally published in