Like many others working from home during this trying time, you may be using the popular video conferencing tool Zoom. However, what you may not have expected are your Windows account details to be leaked.
While Zoom has encountered some security issues in the recent past – not utilizing end-to-end encryption for calls, leaking emails and photos, and sending data to Facebook, it’s the most recent issue that has a lot of users most concerned. A new and unnerving exploit has been found by a relatively unknown security researcher @_g0dmode, in which if you click a specific link in Zoom’s chat functionality, your Windows login name and password can be stolen. Compounding this, a more famous hacker Matthew Hickey has stated that the vulnerability can even allow access to launch programs on your machine. You will be given a security warning when one of these programs is trying to launch but for unsuspecting users, it is very easy to just allow access.
Luckily for those utilizing Zoom, this exploit can be blocked by editing some computer configurations. What you’ll have to do is go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set it to “Deny all”. While this is a little techy for your average person, following the above steps simplifies the process a little and prevents any attempts to access your details.
With the increasing popularity of this tool, we hope that Zoom fixes this issue quickly. No one wants to experience having their details stolen, especially in the world’s current climate.