Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

Zoom’s Vanity URLs Could Have Been Abused for Phishing Attacks

An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals.

An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals.

Zoom is a video conferencing service that has come under intense scrutiny after being widely adopted as the collaboration tool of choice by numerous organizations and end-users worldwide, amid the COVID-19 pandemic.

The recently identified security issue, Check Point says, is related to the Zoom Vanity URL, a custom URL (e.g. companyname.zoom.us) that organizations are required to use when looking to enable single sign-on (SSO).

The customizable vanity pages are rarely accessed by users, as they don’t normally need to type in the URL for the page to access a video meeting, but click on a provided link for that.

According to Check Point, an attacker looking to exploit the discovered issue would have pretend to be a legitimate employee within a company, then send invitations that appear to come from the company’s Vanity URL to individuals of interest.

However, although the invitation would seem as being sent from the legitimate Vanity URL of the spoofed organization, the URL would actually point to a subdomain registered by the attacker with a name similar to the one of the target.

By manipulating the link, the attacker could lure the user to their own meeting and trick them into handing over credentials or other sensitive information by making them believe that they are actually in a meeting with someone from the targeted company.

An attacker could also target the dedicated Zoom web interfaces that some organizations use for video conferencing to exploit the bug by redirecting the user to a malicious Vanity URL.

“Without particular cybersecurity training on how to recognize the appropriate URL, a user receiving this invitation may not recognize that the invitation was not genuine or issued from an actual or real organization,” Check Point notes.

Zoom has added safeguards to ensure the protection of its users, the security firm reported.

“Because Zoom has become one of the world’s leading communication channels for businesses, governments and consumers, it’s critical that threat actors are prevented from exploiting Zoom for criminal purposes. Working together with Zoom’s security team, we have helped Zoom provide users globally with a safer, simpler and trusted communication experience so they can take full advantage of the service’s benefits,” Adi Ikan, Group Manager at Check Point Research, commented.

Related: Zoom Got Big Fast. Then Videobombers Made It Rework Security

Related: Zoom Patches Two Serious Vulnerabilities Found by Cisco Researchers

Related: Zoom Announces Better Encryption, Other Security Improvements

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.