The Zoom conference service has been found to contain a dangerous vulnerability, tracked as CVE-2018-15715, that allows hackers to hijack conference sessions. A proof-of-concept demonstration shows that the flaw allows malicious users not only to listen in on conversations but also to kick out attendees during online meetings.
The CVE-2018-15715 Vulnerability Affects the Zoom Conference in a Severe Way
Business users worldwide are at risk, as one of their most often used tools, the Zoom conference service, has been found to contain a dangerous vulnerability tracked in the CVE-2018-15715 advisory, according to a security report. The full text of the advisory reads as follows:
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
A proof-of-concept exploit demonstrates how hackers can use the flaw to hijack online sessions. There are three scenarios that the hackers can use once they have gained control of the session:
- During a live Zoom conference the hacker can hijack the session and thus spy on the information that is streamed.
- An attacker coming in from the local area network (LAN) may intercept Zoom sessions and intrude into them.
- A remote attack over the Internet is also possible. This means that even hackers who are not part of the ongoing meeting can potentially use the bug to hijack the session.
The problem lies within the messaging system used by the Zoom conference service. It waits for messages to be sent out once an appropriate command is issued. However, upon analyzing how it works, the security analysts found that it dispatches both sent and received messages with the same message handler. What's more dangerous is that these handlers are very easy to acquire. This makes it possible for hackers to craft messages that the Zoom conference service will interpret as authorized and trusted.
As a result, the hackers can access ongoing conferences and carry out all common activities: spying, data theft, interaction, message spoofing and even locking out or kicking attendees. The impacted versions are Zoom 4.1.33259.0925 for macOS and Windows 10 and the Zoom 2.4.129780.0915 package for the Ubuntu Linux distribution. The company is currently releasing patches for the affected versions in order to mitigate the issue.
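The shared-handler design flaw described above can be contrasted with a hardened dispatcher in a simplified model. This is an added example, not Zoom's code or wire protocol: the message types, the JSON encoding, the `MeetingClient` class and the HMAC-tagged datagram layout are all hypothetical, and the session key is assumed to be delivered over an authenticated channel.

```python
import hashlib
import hmac
import json

# Hypothetical message types for illustration; not Zoom's wire protocol.
LOCAL_ONLY = ("remove_attendee",)  # actions only the local UI may trigger
TAG_LEN = 32                       # HMAC-SHA256 tag length

def seal(key: bytes, msg: dict) -> bytes:
    """Serialize a message and prepend its HMAC tag (sender side)."""
    body = json.dumps(msg).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

class MeetingClient:
    def __init__(self, session_key: bytes):
        self.session_key = session_key  # assumed: set up over an authenticated channel
        self.attendees = {"alice", "bob"}
        self.chat = []

    def _apply(self, msg: dict) -> None:
        if msg.get("type") == "remove_attendee":
            self.attendees.discard(msg.get("target"))
        elif msg.get("type") == "chat":
            self.chat.append((msg.get("sender"), msg.get("text")))

    def handle_shared(self, msg: dict) -> None:
        """Flawed pattern: local and network messages share one trusted path."""
        self._apply(msg)

    def handle_local(self, msg: dict) -> None:
        """Hardened: only the local UI calls this entry point."""
        self._apply(msg)

    def handle_network(self, datagram: bytes) -> bool:
        """Hardened: authenticate, parse, then refuse local-only actions."""
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                 # spoofed or corrupted datagram
        try:
            msg = json.loads(body)
        except ValueError:
            return False                 # authenticated but malformed body
        if not isinstance(msg, dict) or msg.get("type") in LOCAL_ONLY:
            return False                 # network peers cannot invoke UI actions
        self._apply(msg)
        return True
```

The model omits replay protection; a real protocol would also bind a sequence number or nonce into the authenticated body.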