Zoom's latest bug lets hackers steal your Windows passwords

(ILLUSTRATION) - The icon of the videoconferencing app Zoom is displayed on an iphone in Oestrich-Wi...
MATTIA SEDDA/EPA-EFE/Shutterstock
Impact

Zoom has exploded in popularity during the coronavirus pandemic. For most apps, a surge in users is a good thing, but for Zoom it has led to increased scrutiny on its security practices, which it seems leave a lot to be desired. The most recent discovery is a bug that allows hackers to steal Windows passwords.

First discovered by security researcher @_g0dmode, the hack was verified by Matthew Hickey. The problem occurs when Zoom's chats change Windows networking UNC (Universal Naming Convention) paths into clickable links. If you click on that link, you're able to access people's login information.

While it's true that the password is hashed, which means it's converted into unreadable strings of characters, there are plenty of ways to get around that. With Zoom, it's as easy as using a recovery tool like Hashcat.

If this were Zoom's first bug, maybe something like this could be overlooked if a fix were implemented quickly. Unfortunately, this may be the more low-key of Zoom's recent security blips.

Last month, a Motherboard report revealed that the Zoom iOS app secretly gives your data to Facebook. The information sent to the social media company included when you started the app, what kind of device you used, your location, and your phone carrier. As a result, Zoom is now facing a class action lawsuit.

Then, another Motherboard report found that Zoom is leaking personal information to thousands of users, including email addresses and photos. And Patrick Wardle, a former NSA hacker and security researcher, found two bugs that can be used to take over a Zoom user's Mac, including gaining access to their webcam and microphone.

When it comes to the Windows bug, there is a quick fix. BleepingComputer reported you can go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set to "Deny all".

But with all of these security issues mounting up, it might be time to ask if Zoom should be the go-to quarantine app for work, school, and more. People are under enough stress without having to worry about someone taking over their computer or gaining access to sensitive information.