Topic: Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom

BigBrother

Uncovering Tales of Security Vulnerabilities in Zoom

This blog post discusses my experiments in testing and hacking Zoom.

Zoom has become one of the most high-performing tech companies of 2020. Zoom is a digital video conferencing software that went public in an IPO last year [1], a few months before the global pandemic.

Zoom grew rapidly over the past year, going from 10M active users in early 2019 to over 200M by mid-2020.

The popularity of Zoom has made it a high-profile target for hackers, nefarious actors, and the security community. Organizations worldwide are using Zoom to enable remote work. The UK government even used Zoom for cabinet meetings [2]. Simply put, we can see Zoom in every part of our lives today.

This post shares my research and experiments in testing and hacking Zoom.

Executive Summary

My research focused on identifying security vulnerabilities in Zoom. The result of the research revealed several severe security vulnerabilities that affect the Zoom production and development infrastructure, the Zoom Linux app, and Zoom’s implementation of end-to-end encryption.

My experience with Zoom’s security and its VDP (vulnerability disclosure program) did not match what I had seen in the public media. I assume this is because Zoom focused on the security incidents that had generated the most negative public PR. This is also likely due to Zoom implementing a last-minute bug bounty program after its user base boomed during the global pandemic.

The first finding that I identified in April 2020 has not been patched. The first time I received a conclusive response regarding the finding was on July 14, 2020, after 4 months of reporting the vulnerability and numerous follow-ups from my side.

When I submitted my CFP to DEFCON 2020, I conducted another round of experiments on Zoom, where I identified new security vulnerabilities that affected different Zoom products. All discovered vulnerabilities were responsibly disclosed to Zoom.

I would also like to note that all of my research was self-funded. I have also not received any bounty/reward for my efforts from Zoom.

List of Identified Vulnerabilities
  • Zoom Exposed Public Kerberos Authentication Server
  • Memory Leak on Zoom Production Server
  • Unexploitable RCE on Zoom Production Server
  • Shadow IT Issues on accessible Zoom servers
  • Zoom App for Linux:
    • Bad Design Practice on TLS/SSL implementation
    • A Really Bad Design Practice on Zoom Launcher Implementation.
    • End-to-End encrypted messages between Zoom users are stored on-disk in plain-text.
    • Zoom Local Database accessible by all local users, including private end-to-end encrypted messages (stored in plain-text), and access tokens.
Read the full article @ https://mazinahmed.net/blog/hacking-zoom/
--
Best Regards
CFTIRC Admin
https://www.acfti.org/cftirc-community