• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home News

Warning: Your Windows credentials on Zoom are vulnerable to attackers

  • BY Nic Ker
  • 2 April 2020
  • 12:30 pm
  • Comment
Share on FacebookShare on Twitter

As organisations around the world revert to remote working setups, video conferencing app Zoom has certainly seen a rise in popularity. But this popularity is certainly a double-edged sword: privacy issues have come under the spotlight, while the company is the subject of a class action lawsuit in the U.S. for its perceived handling of users’ data.

Now, a report from BleepingComputer has revealed a new problem for Zoom users. A security bug means that users of Zoom’s Windows client could have their Windows login credentials stolen by malicious parties, with users calling for the vulnerability to be patched ASAP.

How does it work?

While the Zoom platform is primarily used for video conferencing, users also communicate with each other via text messages. These text messages, of course, often contain URLs which are converted into hyperlinks on the chat interface so that participants in a chat can then open the links in their browser.

SOURCE: BleepingComputer

However, the issue here is that Zoom also converts Windows networking UNC paths into clickable links (UNC [Universal Naming Convention] is a path to remote servers/printers/network resources). When these links are clicked, Windows connects to the remote server—crucially, Windows will also send over login credentials while doing this.

These credentials are then easily accessible by malicious parties, with BleepingComputer saying that programs can be used to decrypt the credentials—including passwords—“quickly”. To make a bad situation worse, the vulnerability can also be used to “launch programs” whenever these links are clicked.

SOURCE: Malay Mail

How do I protect myself?

Hopefully, Zoom will issue a patch to fix the bug, although the team there certainly have their hands full. Failing that, you can also tweak your Windows settings so that your credentials are not sent when UNC links are clicked.

On Windows 10, open the Group Policy Editor, and head over to the following path: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers, and set to Deny All.

However, the Group Policy Editor isn’t available on the Home Edition for Windows 10 by default. This means that Home users will need to install the editor before proceeding.

Or, y’know, you could always find another conferencing app to use. Zoom has come under some serious criticism of late, with issues pertaining to its handling of user data, security, and privacy matters. To find out more about Zoom’s problems, read this story.

[ SOURCE ]

Related reading

Working From Home: Is Zoom safe to use for video conference calls?
Tags: Mobilezoom
Nic Ker

Nic Ker

POPULAR

TM Unifi is offering 2Gbps fibre broadband very soon, but how much will it cost?

March 25, 2023

Warning: Your Windows credentials on Zoom are vulnerable to attackers

April 2, 2020

Here are the best UNLIMITED postpaid plans in Malaysia under RM100 – March 2023 Edition

March 24, 2023

Samsung Galaxy A34 and A54 Malaysia: Official pricing and pre-order promo

March 24, 2023

Works Minister: Sungai Besi Expressway is Malaysia’s first MLFF POC location, 11 highways to support Open Payment System

March 28, 2023

Honda WR-V Malaysia: affordable SUV coming Q3 2023 to take on Perodua Ativa, Proton X50

March 20, 2023

Copyright © 2022 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2023 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER