Hackers could be eavesdropping on your Zoom calls thanks to this flaw

bose soundbar, rel sub, En İyi Ev Ses Sistemi, Ev Ses Sistemleri Online, müzik dinlemek için en iyi hoparlörler, ev stereo sistemi bileşenleri, Satılık Müzik Seti

Researchers have discovered a flaw in Zoom and AudioCodes products which could allow threat actors to listen in on video conferencing calls, hijack vulnerable endpoints, and even deliver more devastating malware such as infostealers or ransomware.

Security expert Moritz Abrell from SySS was the one who found flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) features, which allows admins to configure VoIP devices in a centralized manner. 

The provisioning process was flawed, though – so when the tool tries to grab configuration files from the ZTP service, it does so without any client-side authentication mechanism, which the attackers could abuse to drop malware from a rogue server.

Taking over devices

Furthermore, there was another improper authentication issue, this time in the cryptographic routines in AudioCodes’ VoIP desk phones, which crooks could use to decrypt sensitive information. Combine these two flaws, and you get an exploit chain that grants attackers full access to the vulnerable devices. 

“When combined, these vulnerabilities can be used to remotely take over arbitrary devices. As this attack is highly scalable, it poses a significant security risk,” Abrell said.

Read more

> Zoom apologises for major security vulnerabilities, promises fixes

> These security flaws could have let intruders snoop on your Zoom meetings

> Here are the best firewalls around

Three years ago, at the early days of the Covid-19 pandemic, Zoom was one of the most-used applications out there, resulting in an enormous spike in popularity. As a result, hackers dug deep into the program’s code, finding flaw after flaw. At one point it had gotten so bad that the company halted all production and focused solely on boosting the security of its services.

Since then, Zoom plugged numerous holes, other communication and collaboration tools (such as Teams, for example) took some of the load off Zoom, and many firms had their employees return to the office.

  • These are the best endpoint protection solutions around

Via: The Hacker News

En İyi Ev Ses Sistemi,
Ev Ses Sistemleri Online,
müzik dinlemek için en iyi hoparlörler,
ev stereo sistemi bileşenleri,
Satılık Müzik Seti

stereoguide-referencehometheater-techradar