
SoylentNews is people

posted by Fnord666 on Saturday April 04 2020, @03:52AM
from the automate-your-work dept.

Automated tool can find 100 Zoom meeting IDs per hour:

An automated tool developed by security researchers is able to find around 100 Zoom meeting IDs in an hour and information for nearly 2,400 Zoom meetings in a single day of scans, according to a new report from security expert Brian Krebs.

Security professional Trent Lo and members of SecKC, a Kansas City-based security meetup group, made a program called zWarDial that can automatically guess Zoom meeting IDs, which are nine to 11 digits long, and glean information about those meetings, according to the report.

In addition to being able to find around 100 meetings per hour, one instance of zWarDial can successfully determine a legitimate meeting ID 14 percent of the time, Lo told Krebs on Security. And as part of the nearly 2,400 upcoming or recurring Zoom meetings zWarDial found in a single day of scanning, the program extracted a meeting's Zoom link, date and time, meeting organizer, and meeting topic, according to data Lo shared with Krebs on Security.

Automated Zoom conference meeting finder 'zWarDial' discovers ~100 meetings per hour that aren't protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9Tb

— briankrebs (@briankrebs) April 2, 2020


  • (Score: 2) by MostCynical on Saturday April 04 2020, @05:44AM (2 children)

    by MostCynical (2589) on Saturday April 04 2020, @05:44AM (#978970) Journal

    no, zoom is ubiquitous, easy, and features exceed price point.

    Zoom is now being examined - it wasn't on most people's radar a few months ago, but now is being used heavily.

    Doesn't mean anyone is shorting the company.

    Alas, people are finding that security is, as with many products, not 'baked-in' sufficiently.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 2) by toddestan on Sunday April 05 2020, @05:39AM (1 child)

    by toddestan (4982) on Sunday April 05 2020, @05:39AM (#979297)

    Is there really any difference between Zoom and competitors like WebEx? WebEx has the same system where you dial in and then type in a 9-digit code to join the meeting. You can also have a password or disallow anonymous "call-in" users to a meeting, but almost no one does that as it just adds additional complication to something that you can consider yourself lucky if it works at all. I don't see anything that would prevent someone from dialing in and then trying to guess codes until they randomly hit a valid one.

    I suppose one difference might be that WebEx might be savvy enough to throttle or block repeated attempts to join invalid meetings to thwart something like this.

    • (Score: 2) by MostCynical on Sunday April 05 2020, @05:48AM

      by MostCynical (2589) on Sunday April 05 2020, @05:48AM (#979299) Journal

      up until recently, cost [webex.com]

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex