How hackers are recording Zoom meetings without your permission

A few days ago, multiple technology companies, such as Google, SpaceX, and even NASA, banned their employees from using Zoom as a tool for remote work due to multiple reports of security issues on the platform, according to vulnerability assessment specialists.

One of the most common attacks is “ZoomBombing”, in which an intruder interrupts a target session to stream inappropriate content. However, the cybersecurity community fears that this sets a precedent for more sophisticated attacks, such as malware execution and the exploitation of zero-day vulnerabilities that could compromise all of a Zoom user’s computing resources.

A group of vulnerability assessment specialists from Morphisec Labs has detected a vulnerability in Zoom that could allow a malicious hacker to record a video conferencing session and extract text messages without participants’ consent. In addition, this can be done even if the host has disabled the function to record the session.

It all starts with malware injected into a Zoom process, which requires no user interaction. The participants of the session are not notified about this behavior, so the whole process can go completely unnoticed. Finally, the hacker manages to record the Zoom session. Vulnerability assessment experts consider it highly likely that a campaign exploiting this attack will emerge, especially after it was revealed that more than 500,000 leaked Zoom access credentials are available on the dark web.

The company has already been alerted to this security issue. The researchers also prepared a description of an attack scenario:

  • User A sends a Zoom invitation to User B
  • User B accepts the invitation and joins the Zoom session with User A
  • User A sends a chat message illustrating that messages can be sent and received, and now User B can respond
  • User B asks User A for permission to record the session. User A denies this request by disabling recording privileges for attendees, as User A is about to share sensitive information
  • At this point, User B launches the malicious code to record the session without User A’s consent. On their own screen, User B can see that the session is being recorded, even though User A is not aware of this behavior
  • When the session ends, the malware present in Zoom causes the recording to be sent to the attacking user
