“The barrier to doing this research on Zoom was quite high. But I found serious bugs, and sometimes I wonder if part of the reason I found them and others didn’t is that huge barrier to entry.”
. She says she had never given much thought to evaluating Zoom, because the company has added so many pop-up notifications and other protections over the years to ensure that users aren't unintentionally joining calls. But she says she was inspired to investigate the platform after a pair of researchersSilvanovich, who originally disclosed her findings to Zoom at the beginning of October, says that the company was extremely responsive and supportive of her work.
Most mainstream video conferencing services are based at least in part on open source standards, Silvanovich says, making it easier security researchers to vet them. But Apple's FaceTime and Zoom are both fully proprietary, which makes it much harder to examine their inner workings and potentially find flaws.
“The barrier to doing this research on Zoom was quite high,” she says. “But I found serious bugs, and sometimes I wonder if part of the reason I found them and others didn’t is that huge barrier to entry.” You likely join Zoom calls by receiving a link to a meeting and clicking it. But Silvanovich noticed that Zoom actually offers a much more expansive platform in which people can mutually agree to become “Zoom Contacts” and then message or call each other through Zoom the same way that you would call or text someone's phone number. The two vulnerabilities Silvanovich found could only be exploited for interactionless attacks when two accounts have each other in their Zoom Contacts.
Organizations that use Zoom have the option of routing their communications through the company's servers or establishing and maintaining their own server through Zoom's “on-premises” options. Managing a Zoom server can help groups who need control for industry or regulatory compliance, or simply want to be in charge of their own data. But Silvanovich found that the vulnerabilities could be exploited not only to target individual devices, but to take control of these servers.
France Dernières Nouvelles, France Actualités
Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.
How to keep your Zoom meetings safe and secureZoom features that keep your meetings private.
Lire la suite »
China's zero-Covid policy could deal another blow to global supply chains, Moody's saysThe challenges has been 'with us for about a year now,' said Katrina Ell is a senior economist for Asia-Pacific at Moody's Analytics.
Lire la suite »
China car sector falling short of 'net zero' goals - GreenpeaceChina's massive car sector is on track to bring its climate-warming carbon dioxide emissions to a peak by 2027 but on current trends it is unlikely to meet the country's 2060 'net zero' target, environment group Greenpeace said on Tuesday.
Lire la suite »
'We're Making Ethereum Greener with Zero Knowledge Proof' - Daniel Puzny of zkTube | HackerNoonIn this latest Crypto Fireside chat, we talk to Daniel Puzny CEO of zkTube, a layer 2 technology that aims to turn ETH mining green while also adding speed...
Lire la suite »
Exxon’s Plan to Hit Net Zero Carbon Emissions: LOLThe company announced it plans to reach net zero carbon emissions by 2050. There are just a few teeny, tiny problems.
Lire la suite »
Exxon Pledges to Reduce Carbon Emissions From Operations to ‘Net Zero’Exxon Mobil said its ambition is to reduce or offset greenhouse-gas emissions from its operations to zero by 2050, as investor and public pressure mount on oil producers to respond to climate change.
Lire la suite »