Expert Comments: A Flaw In Webex And Zoom Let Researchers Snoop On Users’ Video Calls

By   ISBuzz Team
Writer , Information Security Buzz | Oct 03, 2019 06:27 am PST

It has been reported that a team of security researchers found they could tap into Webex and Zoom video meetings because many weren’t protected with a code. Researchers programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The vulnerability works because many companies and users don’t protect their meetings with a password, either for convenience or they had not checked their default settings, coupled with a limited pool of meeting IDs. By targeting the platforms’ APIs, they were able to automate the process.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jonathan Knudsen
Jonathan Knudsen , Senior Security Strategist
October 3, 2019 2:29 pm

Some rudimentary user education would help people make better choices. For example, when running an online meeting, make sure you can identify all users who have joined. Furthermore, if you expect that any part of the meeting is information you want to keep confidential, use the password feature to protect the meeting from casual intruders. Meeting recordings should be protected with similar vigilance. For example, recording files should not be placed on unauthenticated servers, and any links to streaming recordings should be protected by some form of authentication.

Last edited 4 years ago by Jonathan Knudsen

Recent Posts

Would love your thoughts, please comment.x