This Zoom Screen-Sharing Security Flaw Might Be Leaking Your Private Data
Zoom has become one of the most popular video conferencing solutions for working and learning from home since the start of the COVID-19 pandemic. Given that the platform is so popular, it is not surprising that security flaws pop up from time to time. Subsequently, researchers from Germany have discovered a glitch in Zoom's screen-sharing feature, which could leak all sorts of data if captured.
The glitch, denoted as CVE-2021-28133, "sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen." This can happen when a specific window is being screen-shared, and a background application is either opened or closed. Though the opened or closed application may flicker into view for only a brief second, that would be plenty of time to collect information should the attacker be recording the meeting.
The researchers at pentesting company SySS posted a video to YouTube demonstrating the privacy flaw. As it stands, the current Windows Zoom version 5.5.4 and prior 5.4.3 are affected by the issue. Presently, Zoom has not provided a security bulletin, nor has it pushed out any sort of patch.
Ultimately, if you are concerned about leaking sensitive data, either turn off screen-sharing until a fix is released or do not open or close applications that may contain sensitive data while screen-sharing. Hopefully, Zoom will release a fix for this rather quickly, and if you want to find out more about this issue, you can read SySS's advisory.