Bulletin
Investor Alert

Jan. 28, 2020, 2:59 p.m. EST

Flaw in Zoom allowed intruders to illegally eavesdrop on meetings

Check Point Software, which made the discovery and worked with Zoom to fix it, announced the flaw early Tuesday

new
Watchlist Relevance
LEARN MORE

Want to see how this story relates to your watchlist?

Just add items to create a watchlist now:

  • X
    Check Point Software Technologies Ltd. (CHKP)
  • X
    Zoom Video Communications Inc. (ZM)

or Cancel Already have a watchlist? Log In

By Jon Swartz


Getty Images
Zoom Video Communications Inc. Chief Executive Eric Yuan rings the Nasdaq opening bell on April 18, 2019, the day the video-conferencing software company went public.

A hack that let intruders eavesdrop on meetings over Zoom Video Communications Inc., the popular video-conferencing service used by more than 60% of the Fortune 500, has been detected and resolved.

Check Point Software Technologies Inc. /zigman2/quotes/200866016/composite CHKP +1.17% , which made the discovery and worked with Zoom /zigman2/quotes/211319643/composite ZM -1.78% to fix it, announced the flaw early Tuesday.

Shares of Zoom are up 1.9% in trading Tuesday; Check Point’s stock is down 0.5%.

Cyber-intruders were able to illegally join non-password protected Zoom meetings by generating a list of Zoom Meeting IDs, validate the existence of each meeting ID, and connect to the meeting, according to Check Point. Once inside the virtual meeting, they were able to access all audio, video, and documents shared.

“It’s a form of Zoom roulette,” Yaniv Balmas, head of cyber research at Check Point, said in an email statement. “Here, a hacker could have drafted a large number of Zoom meetings IDs and enter in as a normal participant. We recommend every one update to the latest version of Zoom.”

Check Point first contacted Zoom of the vulnerability on July 22, 2019, as part of a standard responsible disclosure process. Check Point subsequently worked with Zoom to issue a series of fixes and new functionality to patch the security holes. Zoom subsequently introduced security features such as default passwords, password additions, and a device blocker.

For Zoom, whose wildly successful initial public offering in 2019 propelled it to a current market valuation of $20.2 billion, the flaw is a sobering disclosure. The service reaches more than 74,000 customers who consumed 80 billion meeting minutes a year. More than 96% of the top 200 U.S. universities use Zoom.

“The privacy and security of Zoom’s users is our top priority,” a Zoom spokesperson said in an email statement. “The issue was addressed in August of 2019, and we have continued to add additional features and functionalities to further strengthen our platform. We thank the Check Point team for sharing their research and collaborating with us.”

/zigman2/quotes/200866016/composite
US : U.S.: Nasdaq
$ 121.60
+1.41 +1.17%
Volume: 820,509
Sept. 28, 2020 4:00p
P/E Ratio
21.37
Dividend Yield
N/A
Market Cap
$16.85 billion
Rev. per Employee
$418,810
loading...
/zigman2/quotes/211319643/composite
US : U.S.: Nasdaq
$ 487.66
-8.84 -1.78%
Volume: 17.61M
Sept. 28, 2020 4:00p
P/E Ratio
627.70
Dividend Yield
N/A
Market Cap
$141.22 billion
Rev. per Employee
N/A
loading...

Jon Swartz is a senior reporter for MarketWatch in San Francisco, covering many of the biggest players in tech, including Netflix, Facebook and Google. Jon has covered technology for more than 20 years, and previously worked for Barron's and USA Today. Follow him on Twitter @jswartz.

This Story has 0 Comments
Be the first to comment
More News In
Industries

Story Conversation

Commenting FAQs »
Link to MarketWatch's Slice.