

The security issue with the vanity URL mechanism

In addition, the attacker could have directed the victim to a sub-domain dedicated website, where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization.

Prior to Zoom’s fix, an attacker could have attempted to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim.

The Vanity URL mechanism allows organizations to create a customized version of Zoom’s invitation links. In addition, the organization can add a dedicated and customized website for this service.

One of the features of Zoom is the ability to create a ‘Vanity URL,’ which is described on the Zoom website as: A Vanity URL is a custom URL for your company, such as.

As a result of our continued collaboration and Check Point’s reporting of this issue, Zoom has resolved the issue with a fix.

As part of our cooperation, Zoom quickly introduced a number of mitigations which ensured that such attacks are no longer possible.

And recently we found another potential security issue, as described below, which could have led to successful phishing attempts.

Back in January 2020 we reported a technique which would have allowed a threat actor to potentially identify and join active meetings to which they weren’t invited.

In our ongoing efforts to respond to the latest developments in the threat landscape and contribute to the global cyber security community, we have collaborated with Zoom Video Communications to find ways to ensure that its users can enjoy all of its benefits safely and securely.

We have also detected malicious files impersonating Zoom’s installation program.

So it’s no surprise that the explosive growth in Zoom usage has been matched by an increase in new domain registrations with names including the word ’Zoom’, indicating that cyber-criminals are targeting Zoom domains as phishing bait to lure victims.

Of course, where people go, criminals will follow.

The video conferencing service was already popular before the pandemic, but in the ‘new normal’ of social distancing it has become the go-to platform globally for everything from high-level government and business meetings, to university and school classes, to family gatherings – meaning that Zoom usage has soared from 10 million daily meeting participants back in December 2019 to over 300 million in April 2020.

Research by: Adi Ikan, Liri Porat and Ori Hamama

Introduction

As the world starts to emerge from Coronavirus-related lockdowns, and organizations continue to support remote working for their employees, ’Zooming’ has become part of our everyday language.
