A security glitch in Zoom could inadvertently leak users’ data to other meeting participants on a call. A potential attack would be difficult, however, since the data is only leaked briefly.
The glitch happens with the screen sharing function of Zoom. Users have the option to share their entire screen, one or more application windows or just one selected area of their screen. However, with the glitch, if a Zoom presenter chooses to share one application window, the share-screen feature briefly transmits content of other application windows to meeting participants.
This poses a risk, as those other windows could contain confidential information that was not intended to be shared.
While this would only occur briefly, many meeting participants who are recording the Zoom meeting can then go back to the recording and fully view any potentially sensitive data leaked through that transmission.
Since a potential attacker would need to be present in the Zoom meeting to retrieve the sensitive information, the glitch is only considered medium severity to users.
The glitch was reported to Zoom on Dec. 2; however, researchers are still unaware of a fix despite several inquiries for status updates from Zoom.
Zoom has already been grappling with various security and privacy issues, including attackers hijacking online meetings in what are called Zoom bombing attacks. Other security issues have come to light in Zoom’s platform over the past year during the pandemic, such as one that could have allowed attackers to crack private meeting passcodes and eavesdrop on video conferences.
However, Zoom has also taken important steps to secure its conferencing platform, including beefing up its end-to-end encryption and implementing other security measures.