Zoom patched vulnerabilities that allowed eavesdropping on video meetings

Zoom patched vulnerabilities that allowed eavesdropping on video meetings
© Getty

Software group Check Point announced Tuesday that it had discovered now-patched cyber vulnerabilities involved in video conferencing service Zoom that would have allowed hackers to eavesdrop into non-password protected conversations and access shared documents. 

Check Point found that the vulnerabilities, which have been patched by Zoom since their disclosure last year, would enable a hacker to eavesdrop into Zoom meetings by generating Zoom meeting IDs, also giving them access to any audio, video and documents involved in the meeting. 

Zoom is used for conference meetings by 60 percent of Fortune 500 companies, 96 percent of the top 200 U.S. universities, and has more than 74,000 customers in total. Specific groups that use Zoom include Uber, Nasdaq, Delta and Columbia Business School. 

ADVERTISEMENT

Check Point disclosed the vulnerabilities to Zoom in July 2019 and Zoom subsequently patched the vulnerabilities and introduced new security features. Some of the new features include default passwords that are added for every meeting, meeting ID validation, and blocking of devices that try to scan for meeting IDs. 

A Zoom spokesperson told The Hill on Tuesday that “the privacy and security of Zoom’s users is our top priority,” and that the Check Point vulnerabilities were “addressed in August of 2019.”

“We have continued to add additional features and functionalities to further strengthen our platform,” the spokesperson said. “We thank the Check Point team for sharing their research and collaborating with us.”

The new Zoom vulnerabilities found by Check Point were discovered the same month a security researcher found separate flaws in Zoom that would allow any website to open up a video conference call on a Mac if the Zoom app was installed.

In response to the previous findings, Zoom issued patches to the vulnerabilities, and wrote in a blog post in July that “we take user security incredibly seriously and we are wholeheartedly committed to doing right by our users.”

--Updated at 11:30 a.m.