[technology taskforce] Techcrunch: A flaw in Webex and Zoom let researchers snoop on users’ video calls

Dev Anand Teelucksingh devtee at gmail.com
Tue Oct 1 15:39:51 UTC 2019


A team of security researchers found they could tap into Webex and Zoom
video meetings because many weren’t protected with a code.

Researchers at Cequence, a startup focused on protecting applications from
scraping and account takeovers, programmed a bot to cycle through lists of
valid meeting IDs and get access to active conference calls. The
vulnerability works because many companies and users don’t protect their
meetings with a password, either for convenience or they had not checked
their default settings, coupled with a limited pool of meeting IDs.

By targeting the platforms’ APIs, they were able to automate the process.

The researchers reported the flaws to both Cisco, which owns Webex, and
Zoom in July. Both companies have since pushed out fixes.

The attack would not be silent, however: callers who successfully access a
meeting are announced.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20191001/62d40292/attachment.html>

More information about the ttf mailing list