Studying and working from home can lead to hacker attacks, since the Zoom hack is real due to UNC path injections
It is reported that the Zoom Windows client is vulnerable to UNC path injections, so one click on a link can lead to stolen data or hacked devices. The COVID-19 pandemic made the platform famous because of the immediate need for an easy-to-use remote conferencing solution. Zoom became one of the most popular platforms, and this online user activity encouraged hackers to come up with new techniques.
This hacking method works because Zoom users can hold a meeting and communicate by sending messages in the chat. The chat interface converts any URLs to hyperlinks, and members can click on them to open the website automatically in the default browser.
A cybersecurity expert revealed that the video conferencing platform is vulnerable to UNC path injections. Such a flaw allows remote attackers to steal Windows login credentials and to execute programs and arbitrary commands on the affected system.
When the user clicks on a provided link, Windows automatically connects to a server and also sends the user's login and password hash. Even though these captured passwords are not in plain text, weak NTLM hashes can be cracked.
Free hacking tools can be used to get passwords and logins
This vulnerability is easy to exploit: if the user clicks on the UNC path link, the operating system automatically attempts to connect to the remote site using the SMB file-sharing protocol to open the file or the shared domain. When Windows does that, the user's login and NTLM password hash are sent by default. This hash can be cracked using free tools, revealing the user's password. All the hacker needs to do is send a particular URL to a victim via the Zoom chat interface.
Stealing credentials can create major issues, especially in a shared environment. This data can be used in later targeted campaigns to launch more malicious attacks. However, exploitation of this vulnerability does not end with stealing credentials: attackers can also launch any program on the system or execute arbitrary commands remotely.
This option was confirmed by another researcher, Tavis Ormandy. He even demonstrated how this path injection flaw can be exploited with a batch script containing malicious commands. Such a method also relies on the fact that the browser automatically saves downloaded files in a particular default folder.
Hackers can trick the user into downloading the batch script and then accessing the file using the Zoom chat interface bug. This scenario requires more information about the Windows user, but the username can be obtained using the first method of the SMBRelay attack.
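As an added example (not Zoom's code and not part of the original report), the Python sketch below shows the defensive side of the chat behaviour described above: a linkifier that makes only http(s) URLs clickable, plus a check that flags UNC paths pointing outside a trusted set. The trusted host names, address ranges and the sample message are assumptions constructed for illustration, and matching the file://host/share form goes slightly beyond the UNC paths the article mentions.

```python
import ipaddress
import re
from html import escape

# \\host\share[\...] and the equivalent file://host/share URL form.
UNC_RE = re.compile(r'\\\\([^\\/\s]+)\\[^\\/\s]+')
FILE_URL_RE = re.compile(r'file://([^/\s]+)/\S*', re.IGNORECASE)
WEB_URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

# Assumptions: the file servers and address ranges this organisation trusts.
INTERNAL_HOSTS = {"fileserver01", "fileserver01.corp.example"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(host):
    """True when an SMB connection to `host` would leave the trusted set."""
    if host.lower() in INTERNAL_HOSTS:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # unrecognised name: treat as untrusted
    return not any(addr in net for net in INTERNAL_NETS)


def find_unc_targets(message):
    """Return (host, is_external) for each UNC path or file:// URL found."""
    hosts = [m.group(1) for m in UNC_RE.finditer(message)]
    hosts += [m.group(1) for m in FILE_URL_RE.finditer(message)]
    return [(h, is_external(h)) for h in hosts]


def linkify(message):
    """Make only http(s) URLs clickable; UNC paths remain inert text."""
    out, pos = [], 0
    for m in WEB_URL_RE.finditer(message):
        out.append(escape(message[pos:m.start()]))
        url = escape(m.group(0), quote=True)
        out.append(f'<a href="{url}">{url}</a>')
        pos = m.end()
    out.append(escape(message[pos:]))
    return "".join(out)


# Constructed sample chat message (documentation address, not real data).
SAMPLE = r"slides: https://example.com/deck and \\203.0.113.7\share\notes.txt"
if __name__ == "__main__":
    print(find_unc_targets(SAMPLE))
    print(linkify(SAMPLE))
```

A message filter or mail gateway could call `find_unc_targets` and quarantine anything that returns an external host, while the renderer uses `linkify` so that a UNC path never becomes a one-click link.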
Zoom conferencing platform security and privacy issues
The timing is sensitive because the Coronavirus situation has put many countries in lockdown, and quarantine leads to more people going online and turning to platforms like Zoom. Unfortunately, this popularity also attracts hackers' attention to the platform and exposes vulnerabilities and security and privacy issues in the platform itself.
Unfortunately, this issue with UNC paths and NTLM hashes is not the only one and not the first discovered. The more people use this platform, the more privacy and security concerns surface. The FBI warned people about Zoom-bombing attacks, in which hackers sneak into meetings and show the participants various material, from pornographic images to racist comments.
Privacy bugs get patched, but flaws can allow uninvited people to join private conferences and remotely access data shared privately in the session. Additional questions regarding the platform's security, data gathering and encryption are still surfacing in the media, and Zoom officials try to address all of them. What you as a user can do is use an alternative service, choose the one that suits you, and control your privacy and security with VPN software and security programs.