Check Point last year found a now patched flaw in Zoom Meeting that allowed researchers to predict meeting ID numbers enabling them to enter private conversations.
The vulnerability was found last year and patched by Zoon Video Communications in July 2019, but the company has only just now reported on the issue.
The flaw lies in the fact that Zoom uses 9, 10, or 11 digits for its meeting ID numbers. If the user has not enabled requiring a password or set up a waiting room from where people are manually added to the meeting, there is a very high possibility the meeting ID itself can be found.
“Our researchers were able to predict ~4% of randomly generated meeting IDs, which is very high chance of success, comparing to the pure brute force,” Check Point wrote.
Check Point brought the issue to Zoom’s attention last year and the company has since changed how the meeting number is generated fixing the problem.
"The privacy and security of Zoom’s users is our top priority. The issue was addressed in August of 2019, and we have continued to add additional features and functionalities to further strengthen our platform. We thank the Check Point team for sharing their research and collaborating with us," a Zoom spokesperson told SC Media.