These glitches allow someone to hear what you speak in Zoom

Image Credits: Bloomberg

Vulnerabilities in Zoom put privacy at risk

A group of computer security researchers at Positive Technologies has identified a total of three critical flaws affecting the Zoom platform. They affect different programs and tools such as Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.

What could an attacker do by exploiting these vulnerabilities? They could have intercepted Zoom videoconferences, putting users' privacy at risk. Ultimately, this is a type of service that requires complete security.

These vulnerabilities have been registered as CVE-2021-34414, CVE-2021-34415, and CVE-2021-34416. A potential attacker would be able to execute arbitrary code on the server with root user privileges. The researchers have given a list of the applications that are vulnerable and that users should be careful with:

  • Meeting Connector Controller up to version 4.6.348.20201217
  • Meeting Connector MMR up to version 4.6.348.20201217
  • Recording Connector up to version 3.8.42.20200905
  • Virtual Room Connector up to version 4.4.6620.20201110
  • Virtual Room Connector Load Balancer up to version 2.5.5495.20210326

The second of the vulnerabilities would allow an attacker to cause the system to crash, thereby compromising the functionality of the software and limiting the use of Zoom by affected organizations and users. In this case, it affects Zoom On-Premise Meeting Connector Controller and was fixed in version 4.6.358.20210205.

There is also a third vulnerability, and in this case an attacker could enter certain commands. It affects:

  • Meeting Connector up to version 4.6.360.20210325
  • Meeting Connector MMR up to version 4.6.360.20210325
  • Recording Connector up to version 3.8.44.20210326
  • Virtual Room Connector up to version 4.4.6752.20210326
  • Virtual Room Connector Load Balancer up to version 2.5.5495.20210326

Keep in mind that all these vulnerabilities can be exploited if an attacker manages to obtain the login credentials of a user with administrative rights.

How to avoid being a victim of this problem

So what can we do to avoid being a victim of such a problem and having our Zoom video calls compromised? The first thing is to always keep everything updated to the latest versions available. The vulnerabilities described here have already been patched, so it is essential that every component has the corresponding patches installed.
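To check an on-premise deployment against the version lists above, the following added example (not code from Zoom or from the researchers) compares each component's build number field by field. It assumes "up to version X" is inclusive; the function names, host names and sample inventory are constructed for illustration.

```python
import re

# Version ceilings copied from the article's two lists. Reading "up to version X"
# as inclusive is an assumption; component names are spelled as the article lists them.
FIRST_ISSUE = {
    "Meeting Connector Controller": "4.6.348.20201217",
    "Meeting Connector MMR": "4.6.348.20201217",
    "Recording Connector": "3.8.42.20200905",
    "Virtual Room Connector": "4.4.6620.20201110",
    "Virtual Room Connector Load Balancer": "2.5.5495.20210326",
}
THIRD_ISSUE = {
    "Meeting Connector": "4.6.360.20210325",
    "Meeting Connector MMR": "4.6.360.20210325",
    "Recording Connector": "3.8.44.20210326",
    "Virtual Room Connector": "4.4.6752.20210326",
    "Virtual Room Connector Load Balancer": "2.5.5495.20210326",
}
# The article gives a fixed-in version for the second issue, so older builds are flagged.
SECOND_ISSUE_FIXED_IN = {"Meeting Connector Controller": "4.6.358.20210205"}

def parse_version(text):
    """Turn 'a.b.c.yyyymmdd' into a tuple of ints so fields compare numerically."""
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text.strip()):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(part) for part in text.strip().split("."))

def exposure(component, version):
    """Return which of the article's three issues apply to this component build."""
    v = parse_version(version)
    hits = []
    if component in FIRST_ISSUE and v <= parse_version(FIRST_ISSUE[component]):
        hits.append("first")
    if component in SECOND_ISSUE_FIXED_IN and v < parse_version(SECOND_ISSUE_FIXED_IN[component]):
        hits.append("second")
    if component in THIRD_ISSUE and v <= parse_version(THIRD_ISSUE[component]):
        hits.append("third")
    return hits

def audit(inventory):
    """Map each (host, component, version) row that needs patching to its issues."""
    return {(h, c, v): hits for h, c, v in inventory if (hits := exposure(c, v))}

# Constructed inventory for illustration; host names and versions are made up.
SAMPLE_INVENTORY = [
    ("mc-01", "Meeting Connector Controller", "4.6.350.20210101"),
    ("rec-01", "Recording Connector", "3.8.42.20200905"),
    ("vrc-01", "Virtual Room Connector", "4.4.10000.20220101"),
]
if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Comparing the fields as integers matters here: a plain string comparison would rank build `10000` below `6752` and wrongly flag the newer Virtual Room Connector.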

In addition, we have seen that an attacker needs to obtain login credentials to exploit these flaws. That is why it is essential to have passwords that are strong and that contain all the elements that keep intruders out. A good password is one that is totally random and has letters (both uppercase and lowercase), numbers, and other special symbols. A password manager is always worth keeping in mind.

On the other hand, we always recommend installing the programs from official sources. This will also help reduce the risk of potentially malicious software reaching our system and compromising security and privacy.