Check Point Research and Zoom collaborate to fix ‘Vanity URL’ issue
July 2020 by Marc Jacob
Check Point Research recently helped to mitigate a potential security issue in Zoom that could have allowed hackers to manipulate organizations’ customizable Zoom ‘Vanity URLs’ and send legitimate-looking business meeting invitations, with the aim of inserting malware, stealing data or credentials from unsuspecting victims.
Zoom usage has exploded during the global Covid-19 lockdowns, from 10 million daily meeting participants in December 2019 to over 300 million in April 2020. Cybercriminals are using this popularity as phishing bait for Zoom and other video communication platform users. According to Check Point, Zoom-related domain registrations and fake Zoom installation programs, in particular, have seen a major increase. In January, Check Point Research worked with Zoom to fix a vulnerability that would have allowed threat actors to join meetings they weren’t invited to.
The new potential Vanity URL security issue was found by researchers following up on the January collaboration. This issue could have allowed a hacker to manipulate a Vanity URL (e.g., https://yourcompany.zoom.us) in two ways:
• Targeting via direct links: when setting up a meeting, the hacker could change the invitation URL to include a registered sub-domain of their choice. In other words, if the original link was https://zoom.us/j/##########, the attacker could change it to https://
• Targeting dedicated Zoom web interfaces: some organizations have their own Zoom web interface for conferences. A hacker could target this interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the genuine Zoom web interface. As with the direct-links attacks, without cybersecurity training, a victim of such attacks may not have been able to recognize the malicious URL and could fall prey to the attack.
Using either method, a hacker could attempt to pose as an employee of a legitimate organization via Zoom, which would give the hacker a vector for stealing credentials or sensitive information.
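Both variants rely on the recipient not noticing which zoom.us sub-domain an invitation points to. The following is an added example, not code from Check Point or Zoom: a recipient-side check a mail filter or helpdesk script could run over invitation links. The allowed host list, the function name and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ZOOM_APEX = "zoom.us"
# Assumption: hosts your organization's invitations legitimately use.
# Add any other Zoom hosts you expect to see in your own invitations.
ALLOWED_HOSTS = {"zoom.us", "yourcompany.zoom.us"}
# Join-link shape from the article (/j/ followed by the numeric meeting ID).
MEETING_PATH = re.compile(r"^/j/\d{9,11}$")


def classify_invite(url, allowed_hosts=ALLOWED_HOSTS):
    """Return a verdict string for one Zoom invitation link."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "reject: unparseable URL"
    # .hostname drops any userinfo ("user@") and port, so text placed
    # before an "@" cannot pose as the host.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not an https link"
    if host != ZOOM_APEX and not host.endswith("." + ZOOM_APEX):
        return "reject: not a zoom.us host"
    if host not in allowed_hosts:
        # A real Zoom sub-domain, but not one this organization uses.
        return "flag: unexpected Vanity URL sub-domain " + host
    if not MEETING_PATH.match(parts.path):
        return "flag: unexpected path " + parts.path
    return "ok"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real incident.
    samples = [
        "https://zoom.us/j/1234567890",
        "https://yourcompany.zoom.us/j/1234567890",
        "https://othercorp.zoom.us/j/1234567890",
        "https://zoom.us.example.net/j/1234567890",
        "https://yourcompany.zoom.us@login.example.net/j/1234567890",
    ]
    for link in samples:
        print(classify_invite(link), "<-", link)
```

A "flag" verdict means the link is on genuine Zoom infrastructure but under a sub-domain the organization did not list, which is the case the article describes.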
Check Point Research and Zoom worked together to resolve these issues. Zoom has addressed the issue and put additional safeguards in place for the protection of users.