How Attackers Can Steal Windows Credentials on Zoom Using UNC Links 

In light of COVID-19-related isolation orders, are your employees conferencing at home using Zoom? If so, read on to learn about a serious security problem.  

If you’ve been working remotely from home due to COVID-19-related lockdown and isolation orders, chances are, you’ve been using Zoom. Amidst the coronavirus pandemic of 2020, Zoom truly seems to be having its moment in the sun.

In effect, it’s the equivalent of FaceTime, but for business conference calls. Features such as chat, link and workspace sharing, and online collaboration make it work particularly well for work-from-home employees who must collaborate.

There’s bad news for Windows Zoom users, however.

IT security specialists have recently uncovered issues related to Zoom’s ability to share links. These issues are not minor. They have made it possible for attackers to actually steal credentials from users and even access a user’s camera and microphone.

Ian Brady with Steadfast Solutions, a top Melbourne managed IT services provider, shares insights into security issues with Zoom.

How Attackers Can Steal Windows Credentials

In fact, Zoom is experiencing a number of security issues at the moment, and truthfully, whether you use Windows or macOS machines, it’s important to be on guard for security breaches.

While Zoom is working to contain these issues and remedy the holes and flaws that have allowed for problems, this is what Windows Zoom users need to understand:

A Vulnerability in Messaging and Hyperlink-Use

Zoom users who meet to participate in a video or voice chat can simultaneously chat through text messages. It is inevitable that within these text chats, URLs may be passed between users.

Whenever a URL is put into the chat, however, it will actually be converted into a hyperlink by Zoom. This makes it easy for the recipient of the URL message to click on it and go directly to that page on the web, within their specified browser.

The problem is that Windows networking UNC paths, when put into a chat message, are converted to clickable hyperlinks as well. This may not seem to be a problem at first. However, when the recipient clicks such a link, Windows will try to connect to the remote location the path names and open the file.

Again, you may be wondering, what’s the big deal?

Well, when Windows does this, it will, by default, send out the Windows credentials of the user who clicked the link (login and NTLM password hash). This information can then be decoded using any number of simple cracking tools found online.

Many white hat hackers and security specialists have been able to replicate these results. For now, Zoom has disabled the default behavior that automatically converts URLs and UNC paths to hyperlinks. Still, users are advised to remain wary of sending links via chat.
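
A defender-side check for the behaviour described above, as an added example that is not part of the original article or any Zoom code: it scans chat text for UNC-style paths (`\\host\share`, `\\?\UNC\host\share` and `file://host/share`) and replaces any that point at a host outside an allowlist, so there is nothing left to render as a clickable link. The host names in `TRUSTED_HOSTS` and the sample messages are constructed assumptions.

```python
import re

# Assumption: the only file servers staff should ever be sent links to.
TRUSTED_HOSTS = {"fileserver01", "fs.corp.example"}

# \\host\share..., \\?\UNC\host\share... and file://host/share...
UNC_RE = re.compile(
    r"(?:\\\\(?:\?\\UNC\\)?|file://)(?P<host>[A-Za-z0-9._-]+)[\\/][^\s\"<>|]*",
    re.IGNORECASE,
)


def find_unc_paths(message):
    """Return (path, host, trusted) for every UNC-style path in a chat message."""
    hits = []
    for m in UNC_RE.finditer(message):
        host = m.group("host").lower().rstrip(".")
        hits.append((m.group(0), host, host in TRUSTED_HOSTS))
    return hits


def neutralise(message):
    """Replace untrusted UNC paths so a chat client has nothing to turn into a link."""
    def repl(m):
        host = m.group("host").lower().rstrip(".")
        if host in TRUSTED_HOSTS:
            return m.group(0)  # known internal server: leave the path intact
        return "[UNC path to untrusted host %s removed]" % host
    return UNC_RE.sub(repl, message)


# Constructed sample chat messages (not taken from a real meeting).
SAMPLE_CHAT = [
    r"Agenda is at \\fileserver01\meetings\agenda.docx",
    r"Please open \\203.0.113.7\share\notes.txt before we start",
    "Slides: https://example.com/slides.pdf",
    "file://files.untrusted.example/q3/report.xlsx",
]

if __name__ == "__main__":
    for line in SAMPLE_CHAT:
        for path, host, trusted in find_unc_paths(line):
            print("%-6s %s" % ("ok" if trusted else "BLOCK", path))
        print("   ->", neutralise(line))
```

Ordinary web URLs and local `\\?\C:\...` paths are left alone because neither names a remote host in UNC form.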

Other Problems With Zoom

There are additional problems that may occur because of the flaw in how Zoom handles links. Most notably, it’s been discovered that a hacker could actually use UNC path injection to start programs on the user’s computer.

Additionally, “Zoom-bombing” incidents have been taking place in alarming numbers. Users who are participating in conference calls are being “bombed” by hackers who have breached the conference call or video chat. The users might be having business meetings or lessons when a hacker will show up and shout profanities, show obscene photographs, or exploit the communication in other ways.

To avoid this, it’s important to never make your calls public, to keep your contact lists updated, and to not share links to Zoom calls on social media.

It’s Now More Important Than Ever to Keep Your Business Secure

In times of economic strife, widespread anxiety, and a lack of focus on security, it is, in fact, more important than ever to put more attention on your business’s security. Speak with your managed service provider today to learn more about keeping your Zoom calls, network access, and data secure.