Business Today

Zoom Vanity URL security issue could let hackers impersonate organisations' URLs, now fixed

A Vanity URL is a custom URL for users' companies. The security flaw would let hackers impersonate these URLs.

Yasmin Ahmed | July 17, 2020 | Updated 11:19 IST
(Source: Reuters)

Highlights

  • Video conferencing company Zoom and software company Check Point have fixed a vanity URL security issue.
  • The vanity URL security flaw (now fixed) could have allowed criminals or hackers to impersonate an organisation's vanity URL in order to trick people.
  • Zoom recently announced a new category, Zoom for Home for remote workers.

Video conferencing company Zoom and software company Cyber Security Research have fixed a vanity URL issue that could lead to phishing or fraud attacks. According to Zoom, a Vanity URL is a custom URL for your company such as yourcompany.zoom.us. A vanity URL could later be designed or customised as per the user's preference.

Since the lockdown period started, millions of organisations have taken to Zoom for meetings, remote working, etc. This would mean there are as many vanity URLs on the website. The vanity URL security flaw, which has now been fixed, could have allowed criminals or hackers to impersonate these vanity URLs to trick people into giving away information or to cause harm to an organisation.

This flaw could have allowed hackers to disrupt organisations' custom URLs for the service and send legitimate-seeming meeting invitations to users. Once users accepted these invitations, hackers could inject malware into their devices, which could have led to phishing attacks.

Hackers could exploit an organisation in two ways. The first would be to change a vanity URL and add a direct invitation link to a fake meeting. The second would involve targeting an organisation's Zoom web interface and asking the user to enter their meeting ID into a malicious vanity URL.

"Prior to Zoom's fix, an attacker could have attempted to impersonate an organization's Vanity URL link and send invitations which appeared to be legitimate to trick a victim. In addition, the attacker could have directed the victim to a sub-domain dedicated website, where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization," Check Point stated in its blog.

By April 2020, Zoom's downloads skyrocketed to 300 million users. Initially, the video conferencing app faced many security issues. After the vulnerabilities were pointed out, many organisations asked their employees not to use Zoom. Zoom then announced a 90-day security plan to beef up security on the platform. Zoom also enabled end-to-end encryption for all users.

Zoom announces a new category, Zoom for Home: Zoom recently announced a new category, Zoom for Home, aimed especially at remote workers who want to upgrade their home-office experience. Zoom for Home "allows anyone to deploy a dedicated personal collaboration device for video meetings, phone calls, and interactive whiteboarding," according to Zoom.

Zoom for Home launched its first device, called the Zoom for Home DTEN ME, an all-in-one personal collaboration device that will be available for $599, which is around Rs 45000. Zoom said that the device will be available for shipping in the US by August 2020. Zoom Meetings and Zoom Phone users can log in to the device for collaborations. Zoom for Home -- DTEN ME is a 27-inch, all-in-one device that includes 3 built-in smart cameras for video, an 8-microphone array, and an ultra-responsive touch display that can also serve as a second monitor.

