Cybersecurity experts have discovered that custom URLs from Google Docs, Zoom, or Box can be copied or changed at will. A hacker could send a link without the victim suspecting a trap in the address.
It’s easier to usurp a large group than you might think. Researchers from Varonis, a company specializing in cybersecurity, have detected a flaw in the URLs of services such as Google Docs, Zoom or Box.
These companies use personalized web addresses to share files, invite someone to a video conference, etc. However, Varonis discovered that only part of this URL is protected, the rest is modifiable.
The researchers give an example in their report published on May 11, 2022. Zoom, the popular video conferencing application, offers its customers to customize the subdomain. So we could for example ask for an address numerama.zoom.com for our employees to initiate an online meeting or webinar.
Varonis experts have attacked the links of already recorded meetings or webinars and in many cases managed to modify the URL or redirect it to another address without the user noticing.
Thus it would be possible to offer an employee to view the last meeting recorded under the address numerama.zoom.com, but the latter was actually published to a fraudulent link.
[Lire la suite]
Subscribe to Numerama newsletters to receive the main news https://www.numerama.com/newsletter/