By Jon Swartz
A hack that let intruders eavesdrop on meetings over Zoom Video Communications Inc., the popular video-conferencing service used by more than 60% of the Fortune 500, has been detected and resolved.
Check Point Software Technologies Inc. /zigman2/quotes/200866016/composite CHKP -0.66% , which made the discovery and worked with Zoom /zigman2/quotes/211319643/composite ZM +1.21% to fix it, announced the flaw early Tuesday.
Shares of Zoom are up 1.9% in trading Tuesday; Check Point’s stock is down 0.5%.
Cyber-intruders were able to illegally join non-password protected Zoom meetings by generating a list of Zoom Meeting IDs, validate the existence of each meeting ID, and connect to the meeting, according to Check Point. Once inside the virtual meeting, they were able to access all audio, video, and documents shared.
“It’s a form of Zoom roulette,” Yaniv Balmas, head of cyber research at Check Point, said in an email statement. “Here, a hacker could have drafted a large number of Zoom meetings IDs and enter in as a normal participant. We recommend every one update to the latest version of Zoom.”
Check Point first contacted Zoom of the vulnerability on July 22, 2019, as part of a standard responsible disclosure process. Check Point subsequently worked with Zoom to issue a series of fixes and new functionality to patch the security holes. Zoom subsequently introduced security features such as default passwords, password additions, and a device blocker.
For Zoom, whose wildly successful initial public offering in 2019 propelled it to a current market valuation of $20.2 billion, the flaw is a sobering disclosure. The service reaches more than 74,000 customers who consumed 80 billion meeting minutes a year. More than 96% of the top 200 U.S. universities use Zoom.
“The privacy and security of Zoom’s users is our top priority,” a Zoom spokesperson said in an email statement. “The issue was addressed in August of 2019, and we have continued to add additional features and functionalities to further strengthen our platform. We thank the Check Point team for sharing their research and collaborating with us.”