The “Prying-Eye” vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
Cisco Webex Zoom- Researchers have discovered a vulnerability in the Zoom and Cisco Webex conference platforms that could let an attacker scan for and drop into video meetings unprotected with a password.
The “Prying-Eye” vulnerability was discovered in July by researchers with the CQ Prime Threat Research Team, a division of application security startup Cequence. Cisco and Zoom were immediately notified of the flaw, and both companies have issued patches for their systems.
An adversary could exploit Prying-Eye to launch an enumeration attack, which leverages automation to detect numeric or alphanumeric sequences that are used as identifiers for public-facing applications. CQ Prime analysts targeted the web conferencing APIs with a bot designed to scan and discover valid numeric meeting IDs for Webex and Zoom calls. If the meeting isn’t protected with a password or other authentication, the attacker could drop in.
When the bot cycles through the sequences to find a valid ID, it comes back and determines whether the ID is valid and whether it requires a password, says Shreyans Mehta, co-founder and CTO of Cequence and leader of this research. An attacker could respond back and view or listen to an active meeting, and could also use this tactic to determine the IDs of future calls.
That’s not all the attacker could discover, Mehta points out. “Once you identify an unprotected meeting ID, you can get more information about that meeting host and you can get information about who owns the meeting identifier,” he explains. Depending on the target, the attacker could gain access to the meeting host’s name or email address in addition to information about the meeting.
It is worth noting the intruder may be noticed, as callers are announced when they join meetings. There is no indication this vulnerability has been exploited on either Webex or Zoom platforms.