Users of the Zoom conferencing app should update it as soon as possible. A recently disclosed flaw could let an attacker hijack conferences: snoop on online meetings to collect data, manipulate messages, and disrupt meetings.
A researcher at Tenable found a critical security flaw that left online video conferences open to hijacking. The vulnerability existed in the Zoom desktop conferencing app and allowed unauthorized command execution. By exploiting the bug, an attacker could take control of a conference, hijack the presenter's screen controls, spoof chat messages and remove attendees from the conference. In addition, an attacker could download and execute malware on the target systems.
Tenable researcher David Wells discovered the flaw, and Tenable has published the details in a separate blog post. As described there, the flaw stemmed from improper message validation, which allowed an attacker to spoof messages from the Zoom server.
“This bug is due to the fact that Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. This allows an attacker to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.”
To exploit the vulnerability, an attacker only needed to know the Zoom server's IP address. Anyone with that information and the ability to inject specially crafted, spoofed UDP packets into an existing session could trigger the bug. The attacker could therefore be a meeting attendee or someone on the same LAN. Tenable also believes that exploitation over a WAN may be possible in theory, but was unable to test it in practice.
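The design flaw behind the bug is easier to see in a small model than in the native DLLs named in the advisory. The example below is an added illustration, not Zoom's code and not from Tenable's advisory or proof of concept: a toy message pump that, like the one the quote describes, feeds messages from an authenticated server TCP channel and from unauthenticated peer UDP datagrams into one handler that never learns which transport delivered them. The wire format, the command names, the attendee list and the "server-only" trust rule are all assumptions made for illustration. The hardened variant shows the fix the bug class calls for: the handler is told the trust level of the transport, and privileged commands arriving over the untrusted channel are dropped.

```python
from dataclasses import dataclass, field
from enum import Enum


class Transport(Enum):
    """Where a message arrived from. Only TCP_SERVER is an authenticated channel."""
    TCP_SERVER = "tcp-from-server"
    UDP_PEER = "udp-from-peer"


# Assumed control commands that only the conference server should ever issue.
SERVER_ONLY = {"kick_attendee", "set_presenter", "grant_screen_control"}


def parse_payload(payload: bytes) -> tuple[str, dict]:
    """Parse the toy wire format b'<command>;k=v;k=v' (an assumption, not Zoom's format)."""
    text = payload.decode("ascii", errors="strict")
    command, *pairs = text.split(";")
    if not command:
        raise ValueError("empty command")
    args = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed argument {pair!r}")
        args[key] = value
    return command, args


@dataclass
class Conference:
    attendees: set = field(default_factory=lambda: {"alice", "bob", "mallory"})
    presenter: str = "alice"
    audit: list = field(default_factory=list)

    def handle(self, command: str, args: dict) -> bool:
        """The shared handler: it has no idea which transport delivered the message."""
        if command == "kick_attendee":
            self.attendees.discard(args["who"])
            self.audit.append(f"kicked {args['who']}")
            return True
        if command == "set_presenter":
            self.presenter = args["who"]
            self.audit.append(f"presenter={args['who']}")
            return True
        if command == "media":
            return True  # ordinary peer traffic, harmless
        self.audit.append(f"unknown command {command}")
        return False


def vulnerable_pump(conf: Conference, transport: Transport, payload: bytes) -> bool:
    """Models the bug: the transport is ignored, so UDP and TCP reach the same handler as equals."""
    command, args = parse_payload(payload)
    return conf.handle(command, args)


def hardened_pump(conf: Conference, transport: Transport, payload: bytes) -> bool:
    """Privileged commands are accepted only from the authenticated server channel."""
    command, args = parse_payload(payload)
    if command in SERVER_ONLY and transport is not Transport.TCP_SERVER:
        conf.audit.append(f"dropped {command} from {transport.value}")
        return False
    return conf.handle(command, args)


# Constructed sample traffic: one legitimate server command, then one spoofed datagram
# of the kind a rogue attendee or LAN host could inject into the session.
LEGIT = (Transport.TCP_SERVER, b"set_presenter;who=bob")
SPOOFED = (Transport.UDP_PEER, b"kick_attendee;who=bob")


def run(pump) -> Conference:
    """Replay the sample traffic through the given pump and return the resulting state."""
    conf = Conference()
    for transport, payload in (LEGIT, SPOOFED):
        pump(conf, transport, payload)
    return conf


if __name__ == "__main__":
    for name, pump in (("vulnerable", vulnerable_pump), ("hardened", hardened_pump)):
        conf = run(pump)
        print(name, sorted(conf.attendees), conf.presenter, conf.audit)
```

Run through the vulnerable pump, the spoofed datagram removes bob from the meeting exactly as a server command would; through the hardened pump the same datagram is logged and discarded while the genuine server command still takes effect. The check is deliberately placed in the pump rather than in the handler, because the handler is where the two trust levels were merged in the first place.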
The researcher has published a detailed proof of concept (PoC) on GitHub and demonstrated the exploit in a video.
According to the researcher, the Zoom Client for Meetings Message Spoofing Vulnerability (CVE-2018-15715) affected the clients for Windows, macOS and Linux. Zoom has patched the flaw in app versions 4.1.34814.1119 for Windows and 4.1.34801.1116 for macOS, while a fix for the Linux client was still in progress at the time of writing. Users should update to the patched versions to stay protected from such exploits.