How hackers are recording zoom meeting without permission

April 28, 2020

Even in such critical situation when whole world is in locked down inside home, the essential work is going on via various remote applications like ZOOM, WebEx etc. Such applications gave a platform to everyone having a smart device, can connect and share screens, do videos session and  can make calls. But a major concern raised about security of such applications. What about a hacker who can sneak into such remote sessions. A few days ago, multiple technology companies, such as GoogleSpaceX, and even NASA banned their employees from using Zoom as a tool for remote work due to multiple reports of some security issues on the platform, mention vulnerability assessment specialists.

It was found that the one of the most common attacks is “ZoomBombing”, which is to interrupt a target session to stream inappropriate content. However, the cybersecurity community fears that this is a precedent for more sophisticated attacks, such as malware execution and exploiting zero-day vulnerabilities that could compromise all of a Zoom user’s computing resources.

A group of vulnerability assessment specialists from Morphisec Labs has detected a vulnerability in Zoom that could allow a malicious hacker to record a video conferencing session and extract text messages without participants’ consent. In addition, this can be done even if the host has disabled the function to record the session.

It all starts with malware injected into a Zoom process, which requires no user interaction. It should be noted that the participants of the session are not notified about this behavior, so the whole process can go completely unnoticed. Finally, the hacker manages to record the Zoom session. Vulnerability assessment experts consider it highly likely that a campaign to exploit this attack will be presented, especially after the leak of more than 500,000 Zoom access credentials available on dark web was revealed.

The company has already been alerted to this security issue. The researchers also prepared the description of an attack scenario:

  • User A sends a Zoom invitation to User B
  • User B accepts the invitation and joins the Zoom session with user A
  • User A sends a chat illustrating that messages can be sent and received, and now user B can respond
  • User B prompts user A access to record the session. User A denies this request by disabling recording privileges for attendees, as it is about to share sensitive information
  • At this point, user B launches the malicious code to record the session without user A’s consent. On its screen, user B can see that the session is being recorded, even if user A is not aware of this behavior
  • When the session ends, the malware present in Zoom manipulates the recording to be sent to the attacking user

Basic Prevention:-

Pre-Meeting Settings: Securing your Zoom Meetings can start before your event even begins, with a robust set of pre-meeting features.

  • Waiting Rooms: IT Admins can enforce waiting rooms at the account, group, or user level. You can also require them for all participants, or just for guests not included in your account. If made optional, meeting hosts can enable Waiting Rooms in the “Settings” menu of their Zoom profile.
  • Passwords: Passwords can be set at the individual meeting level or can be enabled at the user, group, or account level for all meetings and webinars. Account owners and admins can also lock password settings, to require passwords for all meetings and webinars on their account.
  • Join by Domain: Only authenticated users can join meetings which requires individuals to sign into a zoom account and/or ensure their e-mail address is on an approved list before allowing them to join.

In-Meeting Settings

  • Security options in toolbar: Meeting hosts have a Security icon in the toolbar for quick access to essential in-meeting security controls. See it in action!
  • Lock the meeting: When a host locks a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one).
  • Put participant on hold: You can put an attendee on hold and their video and audio connections will be disabled momentarily.
  • Remove participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including “Remove”.
  • Report a user: Hosts/co-hosts can report users to Zoom’s Trust & Safety team, who will review any potential misuse of the platform and take appropriate action.
  • Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
  • Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable “Mute Upon Entry” in your settings, which is a good option for large meetings.
  • Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat.
  • Turn off annotation: You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens.
  • Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions.
  • Control screen sharing: The meeting host can turn off screen sharing for participants.
  • Control recording: The ability to record to the cloud or locally is something an account admin can control. If they have recording access, the host can decide to enable/disable a participant or all participants to record.
  • Do not allow participants to rename their ID: The host can disable the ability for participants to rename their onscreen identity.
  • Turn on waiting rooms: The meeting host can turn on waiting rooms from within the meeting.

Protecting your data

  • Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client.
  • Audio Signatures: Embeds a user’s personal information into the audio as an inaudible watermark if they record during a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.
  • Watermark Screenshots: Superimposes an image, consisting of a portion of a meeting participant’s own email address, onto the shared content they are viewing and the video of the person who is sharing their screen.
  • Local Recording Storage: Recordings stored locally on the host’s device can be encrypted if desired using various free or commercially available tools.
  • Cloud Recording Storage: Cloud Recordings are processed and stored in Zoom’s cloud after the meeting has ended; these recordings can be password-protected or available only to people in your organization. If a meeting host enables cloud recording and audio transcripts, both will be stored encrypted.
  • File transfer storage: If a meeting host enables file transfer through in-meeting chat, those shared files will be stored encrypted and will be deleted within 31 days of the meeting.
  • Cloud recording access: Meeting recording access is limited to the meeting host and account admin. The meeting/webinar host authorizes others to access the recording with options to share publicly, internal-only, add registration to view, enable/disable ability to download, and an option to password protect the recording.
Total Page Visits: 231 - Today Page Visits: 1

One thought on “How hackers are recording zoom meeting without permission

Leave a Reply

Your email address will not be published. Required fields are marked *