According to cybersecurity professionals, there are still some problems with Zoom Video Communications Inc.’s (NASDAQ:ZM) video conferencing platform.
Hackers exploit Zoom’s “Vanity URL” to set up fake meetings
Last week, researchers from online security company Check Point highlighted a discovery that could have allowed hackers to use Zoom’s vanity URL to get sensitive data from users. The vulnerability in the “Vanity URL” feature allowed hackers to impersonate a company’s Vanity URL and then send fake invitations that seemed to be legitimate.
Usually, companies that are paying to use Zoom’s video conference platform can have a unique vanity subdomain, within the Zoom domain name, that they use to brand their meetings. The bug allowed bad actors to set up their own Zoom meetings and add to the link a subdomain that another company had registered with Zoom. For instance, if McDonald’s uses the custom subdomain mcdonalds.zoom.us for meetings, anyone could have set up a personal Zoom meeting and added the McDonald’s subdomain to their link, and the link would still work. Users who clicked that URL would then be led to the bad actors’ personal Zoom meeting.
Those bad actors deceived users attending the meeting into believing that they were in a conference call with the company named in the subdomain. This could have opened an avenue for hackers to pose as representatives of the company and trick users into giving up sensitive information.
Zoom has fixed flaws in video conferencing app
In response to Check Point’s findings, the company’s spokesperson indicated that the company is fixing the flaws by adding more safeguards to protect users. The spokesperson added that users should review the details of any meeting they plan to attend before joining it and should join only conferences from users they trust.
Zoom saw unprecedented growth over the pandemic period, from around 10 million daily meeting users at the beginning of the year to over 300 million in April. This huge surge in users exposed various flaws within the video conferencing app. In recent months, Zoom has been under pressure from lawmakers and authorities regarding security and privacy concerns.