When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The exploit could have allowed hackers to hijack meetings and steal information.
Let your people use the web freely without risking data and web link security.
Preferred partner (What does this mean?)
Zoom Rooms is a system that allows team members in different physical locations to work together over Zoom.
When a Zoom Room is created, Zoom creates a service account with licenses for Meetings and Whiteboards.
And thats where the problem lies.
Zoom automatically assigns an email address to the Room service account.
The format of the address is rooms_@companycomain.com.
Using that email, the researchers signed up to Zoom, and got an activation link in the inbox.
Upon activation, Zoom logged the researchers into the victims Zoom tenant as the service account.
The service account is considered a team member, allowing the researchers to gather information laterally across the tenant.
Malicious insiders can also pull it off by simply being in the same Zoom Room.
