{"id":4671,"date":"2021-03-25T12:36:53","date_gmt":"2021-03-25T09:36:53","guid":{"rendered":"https:\/\/techrafiki.com\/?p=4671"},"modified":"2021-03-25T12:37:03","modified_gmt":"2021-03-25T09:37:03","slug":"glitch-in-zooms-screen-sharing-feature","status":"publish","type":"post","link":"https:\/\/techrafiki.com\/glitch-in-zooms-screen-sharing-feature\/","title":{"rendered":"A glitch in Zoom&#8217;s screen sharing feature raises security concerns"},"content":{"rendered":"\n<p>The glitch in Zoom&#8217;s screen sharing feature could accidentally leak users\u2019 data to other meeting participants on a call. However, the data is only leaked briefly making a potential attack difficult to carry out according to <a href=\"https:\/\/threatpost.com\/zoom-glitch-leaks-data\/164876\/\" class=\"rank-math-link\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline\">Threatpost<\/span><\/a>.<\/p>\n\n\n\n<p>The bug is caused by an error in Zoom&#8217;s screen sharing feature. The feature helps users to share the contents of their computer with other <a href=\"https:\/\/techrafiki.com\/11-zoom-tricks-for-that-extraordinary-zoom-experience\/\" class=\"rank-math-link\"><span style=\"text-decoration: underline\">Zoom<\/span><\/a> conferencing call participants. They can share their whole screen, one or more program windows, or only a portion of their screen.<\/p>\n\n\n\n<p>Also read: <a class=\"rank-math-link\" href=\"https:\/\/techrafiki.com\/eala-mps-zoom-meetings-become-costly\/\"><span style=\"text-decoration: underline\">Reports reveal how EALA MPs zoom meetings have cost about UGX 10billion in expenses<\/span><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Glitch in Zoom&#8217;s screen sharing feature could expose personal information<\/h2>\n\n\n\n<p>However, if a Zoom presenter wishes to share one application window, the share-screen function temporarily transmits information from other application windows to meeting participants, according to a Thursday disclosure advisory issued by German-based SySS security expert Michael Strametz and researcher Matthias Deeg.<\/p>\n\n\n\n<p>\u201cThe impact in real-life situations would be sharing confidential data in an unintended way to unauthorized people,\u201d\u00a0<\/p>\n\n\n\n<p>When a user shares one split program window (such as presentation slides in a web browser) while accessing other windows (such as a mail client) in the background in what is intended to be non-shared mode, the glitch in Zoom&#8217;s screen sharing feature arises in a &#8220;reliably reproducible manner.&#8221; According to the results, meeting participants will interpret the contents of the clearly non-shared application window for a &#8220;brief moment.&#8221;<\/p>\n\n\n\n<p>Because this glitch in Zoom&#8217;s screen sharing feature would be difficult to actually intentionally exploit, an attacker would need to be a participant in a meeting where data is accidentally leaked by the bug the flaw is only medium-severity (5.7 out of 10) on the CVSS scale.<\/p>\n\n\n\n<p>However, \u201cthe severity of this issue really depends on the unintended shared data,\u201d Deeg told Threatpost. \u201cIn some cases, it doesn\u2019t matter, in other cases, it may cause more trouble.\u201d<\/p>\n\n\n\n<p>For instance, if a conference or webinar panellist was presenting slides to those in attendance via Zoom, and then opened a password manager or email application in the background, other Zoom participants would be able to access this information.<\/p>\n\n\n\n<p>The issue was reported to Zoom on 2nd December 2020 however, as of today researchers said they are \u201cnot aware of a fix\u201d despite several inquiries for status updates from Zoom. \u201cZoom takes all reports of security vulnerabilities seriously,\u201d a Zoom spokesperson told Threatpost. \u201cWe are aware of this issue, and are working to resolve it.\u201d<\/p>\n\n\n\n<p>With the coronavirus pandemic, more companies have gone remote over the last year and thus numerous video conferencing sites Zoom have been dealing with a variety of security and privacy concerns, including attackers hijacking online meetings. Other security flaws in Zoom&#8217;s platform have been discovered in the last year, including one that may have enabled attackers to break private meeting passcodes and eavesdrop on video conferences. Zoom, on the other hand, has taken major steps to protect its conferencing network, including increasing end-to-end encryption and introducing new security controls.<\/p>\n\n\n\n<p>Source: <strong>Threatpost<\/strong><\/p>\n\n\n\n<p>Read more: <a class=\"rank-math-link\" href=\"https:\/\/techrafiki.com\/the-best-gadgets-students-need-for-online-classes\/\"><span style=\"text-decoration: underline\">The best gadgets students need for online classes.<\/span><\/a><\/p>\n\n\n\n<p>Read more: <a class=\"rank-math-link\" href=\"https:\/\/techrafiki.com\/the-launch-of-the-samsung-galaxy-s21-and-everything-you-need-to-know\/\"><span style=\"text-decoration: underline\">The launch of the Samsung Galaxy S21 and everything you need to know.<\/span><\/a><\/p>\n\n\n\n<p>READ: <a href=\"https:\/\/techrafiki.com\/online-child-abuse-campaign-in-uganda-by-iwf\/\" class=\"rank-math-link\"><span style=\"text-decoration: underline\">The online child abuse campaign in Uganda has recorded 22,000 reports so far<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The glitch in Zoom&#8217;s screen sharing feature could accidentally leak users\u2019 data to other meeting participants on a call. However, the data is only leaked briefly making a potential attack difficult to carry out according to Threatpost. The bug is caused by an error in Zoom&#8217;s screen sharing feature. The feature helps users to share [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":4672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_jetpack_memberships_contains_paid_content":false},"categories":[48,50],"tags":[706,1051,1050],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/techrafiki.com\/wp-content\/uploads\/2021\/03\/960x0-3.jpg?fit=959%2C640&ssl=1","_links":{"self":[{"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/posts\/4671"}],"collection":[{"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/comments?post=4671"}],"version-history":[{"count":1,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/posts\/4671\/revisions"}],"predecessor-version":[{"id":4673,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/posts\/4671\/revisions\/4673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/media\/4672"}],"wp:attachment":[{"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/media?parent=4671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/categories?post=4671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techrafiki.com\/wp-json\/wp\/v2\/tags?post=4671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}