Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
Zoom and Cisco Webex have each issued patches for a vulnerability impacting their web conferencing software. In July of this year, security researchers with CQ Prime Threat Research discovered that it would be possible for threat actors to view or listen to ongoing Zoom and Webex meetings if they were not protected with a password.
The researchers found that a design flaw in both platforms made it possible to find the IDs of active Zoom and Webex calls by enumerating numeric or alphanumeric sequences. They programmed a bot that could not only carry out such enumeration but would also drop in on meetings that did not require a password. The researchers warn that the vulnerability can also allow attackers to access certain information about the meeting and the meeting host, such as the latter’s name or email address.
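A defender's view of the enumeration described above, as an added example that is not from the article or from either vendor: it flags clients that look up many distinct meeting IDs within a short window while most lookups find no active meeting. The log format, thresholds, meeting IDs and IP addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per client (assumed value)
MIN_DISTINCT_IDS = 10            # distinct meeting IDs probed within the window
MIN_MISS_RATIO = 0.8             # share of lookups that hit no active meeting

def parse(line):
    """Parse 'ISO-timestamp client-ip meeting-id status' (constructed format)."""
    ts, ip, meeting_id, status = line.split()
    return datetime.fromisoformat(ts), ip, meeting_id, int(status)

def find_enumerators(lines):
    """Return {client_ip: time at which the thresholds were first crossed}."""
    recent = defaultdict(deque)  # ip -> deque of (ts, meeting_id, status)
    flagged = {}
    for ts, ip, meeting_id, status in sorted(map(parse, lines)):
        window = recent[ip]
        window.append((ts, meeting_id, status))
        while ts - window[0][0] > WINDOW:   # drop lookups older than the window
            window.popleft()
        distinct = {m for _, m, _ in window}
        misses = sum(1 for _, _, s in window if s == 404)
        if (ip not in flagged
                and len(distinct) >= MIN_DISTINCT_IDS
                and misses / len(window) >= MIN_MISS_RATIO):
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed log: one client walking sequential IDs, one ordinary attendee."""
    base = datetime(2019, 10, 1, 12, 0, 0)
    lines = []
    for i in range(15):  # 203.0.113.7 probes 15 consecutive IDs, one per second
        status = 200 if i == 6 else 404   # a single probe lands on a live meeting
        when = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{when} 203.0.113.7 {500000100 + i} {status}")
    # 198.51.100.20 joins two real meetings and mistypes one ID
    for offset, mid, status in [(5, "731904522", 200), (40, "731904521", 404),
                                (45, "884120067", 200)]:
        when = (base + timedelta(seconds=offset)).isoformat()
        lines.append(f"{when} 198.51.100.20 {mid} {status}")
    return lines

if __name__ == "__main__":
    for ip, when in find_enumerators(sample_log()).items():
        print(f"possible meeting-ID enumeration from {ip} at {when.isoformat()}")
```

A client that spaces its lookups further apart than the window stays below these thresholds, so rate-based detection complements the fix the article describes, password-protected meetings, and does not replace it.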