Zoom has been around for 9 years, but it has become a favorite tool for millions of people globally thanks to its user-friendly video conferencing app amid the coronavirus threat.
Zoom is an effective online video meeting solution, but it is still not the best choice when it comes to users' privacy and security.
According to a recent finding by cybersecurity researchers, the Zoom client for Windows is susceptible to a 'UNC path injection' flaw that could allow remote attackers to steal login credentials for victims' Windows systems.
The attack relies on the SMB relay technique: when Windows tries to connect to a remote SMB server to download a file hosted on it, it automatically sends the user's login username and NTLM password hash to that server.
The attack is possible only because Zoom for Windows supports remote UNC paths and converts such potentially untrusted paths into clickable hyperlinks for recipients in a personal or group chat.
To capture the login credentials of a user running Zoom for Windows, an attacker only needs to send a crafted URL (e.g. \\x.x.x.x\abc_file) to the victim over the chat interface and wait for the victim to click it once.
Notably, the captured passwords are not in plaintext, but an attacker can crack them in seconds using password-cracking tools such as Hashcat or John the Ripper.
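The core of the flaw described above is a chat client that turns any string shaped like `\\host\share\file` into a clickable link. The following added example (not Zoom's code and not from the original article) shows the two defensive controls a chat product or a security team can apply: a triage function that detects UNC paths in messages and flags those pointing at hosts outside a hypothetical allowlist (`TRUSTED_HOSTS`), and a renderer that hyperlinks only http(s) URLs so a UNC path never becomes something a user can click. The sample messages and the `203.0.113.7` address are constructed for illustration.

```python
import html
import re
from typing import Dict, List

# A UNC path: two backslashes, a host (name or IPv4 address), then one or more
# backslash-separated components, e.g. \\203.0.113.7\share\file.txt.
# The pattern is constructed for this example; it is not Zoom's own code.
UNC_RE = re.compile(r'\\\\[A-Za-z0-9_.\-]+(?:\\[^\\\s<>"]+)+')
HTTP_RE = re.compile(r'https?://[^\s<>"]+')

# Hypothetical allowlist of internal file servers a chat client may link to.
TRUSTED_HOSTS = {"fileserver.corp.example"}


def find_unc_paths(text: str) -> List[str]:
    """Return every UNC path found in a chat message."""
    return UNC_RE.findall(text)


def unc_host(unc: str) -> str:
    """Extract the host part of a UNC path (the server the SMB client would contact)."""
    return unc[2:].split("\\", 1)[0]


def triage_message(text: str) -> Dict[str, object]:
    """Flag a message whose UNC paths point at hosts outside the allowlist.

    A link to an untrusted host is exactly what would make the Windows SMB
    client send an NTLM authentication exchange to an attacker-controlled server.
    """
    paths = find_unc_paths(text)
    untrusted = [p for p in paths if unc_host(p) not in TRUSTED_HOSTS]
    return {"unc_paths": paths, "untrusted": untrusted, "suspicious": bool(untrusted)}


def linkify_safely(text: str) -> str:
    """Render a chat message as HTML, hyperlinking only http(s) URLs.

    UNC paths are HTML-escaped like any other text and never become anchors,
    so clicking on them cannot trigger an outbound SMB connection.
    """
    out: List[str] = []
    pos = 0
    for m in HTTP_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = m.group(0)
        out.append(f'<a href="{html.escape(url, quote=True)}">{html.escape(url)}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample messages; the IP is from the TEST-NET-3 documentation range.
    samples = [
        r"agenda is at https://example.com/agenda.pdf",
        r"grab the notes from \\203.0.113.7\share\notes.txt please",
        r"see \\fileserver.corp.example\team\plan.docx",
    ]
    for msg in samples:
        print(triage_message(msg))
        print(linkify_safely(msg))
```

The same `find_unc_paths` check can be run over exported chat logs to find messages that carried UNC links before the client was fixed. On the network side, blocking outbound SMB (TCP port 445) to the internet at the perimeter prevents the Windows SMB client from reaching an external server even if a user does click such a link.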
In addition to stealing Windows credentials, the flaw can also be abused to launch any program that is already present on the targeted computer or that has been downloaded to it.
Although Zoom has already been informed of this bug, the flaw has not yet been fixed, and users are advised either to use alternative video conferencing software or to run Zoom in their web browser instead of the dedicated client app.