[PLUG] Question on Zoombombin

Mike C. mconnors1 at gmail.com
Mon Apr 6 06:24:59 UTC 2020


"Or does Zoom even care?"

Oh, Zoom cares, a lot! This has been going on for at least a couple of
weeks and has developed into its own online subculture that's exploiting
software vulnerabilities and is threatening Zoom's business with
governments and businesses around the world.

Zoom, like so many other social media / communication tools, is cloud based.
They have servers all over the world, including in China.

If you want to know more about Zoom's network architecture and security,
here's a pretty decent article by The Intercept,
https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

Zoom has a bit of a mess on their hands, and yet again here's another
example of good marketing and user friendliness built on top of insecure
code, which always ends up just being a matter of time before it gets
exploited.






On Sun, Apr 5, 2020 at 7:31 PM Mark Allyn <allyn at well.com> wrote:

> Ben:
>
> Thanks. I was wondering about this. So if the server (zoom.com) were to
> field the IP addresses, then would it be Zoom who would have to trace
> Zoombombers and take action?
>
> I have been reading reports that the FBI is starting to take interest in
> this as apparently Zoombombing is a violation of the CFAA, Computer Fraud
> And Abuse Act and it would not be myself as a meeting host to try to turn
> over IP addresses to the authorities.
>
> Or does Zoom even care?
>
> Mark
>
> ----- Original Message -----
> From: "Ben Koenig" <techkoenig at gmail.com>
> To: "Portland Linux/Unix Group" <plug at pdxlinux.org>
> Sent: Sunday, April 5, 2020 7:17:06 PM
> Subject: Re: [PLUG] Question on Zoombombin
>
> Short answer: no.
>
> Long answer: My understanding is that services like Zoom provide a central
> server that allows clients to talk to each other. The only IP address you
> need is that of the server, the others are abstracted away from the client.
>
> Instead,
> - each user sends their data to the server
> - the server aggregates the incoming connections
> - the server distributes data to clients as required
>
> Normally one or more of these clients would be dedicated as the "host" or
> moderator, who is able to change how the server functions on-the-fly. This
> includes things like kicking individual clients, and other functions. In
> order to get the IP address of each client in a meeting, the service
> must expose that data to each client. This is normally considered a
> security flaw; however, it would not be unheard of for a given piece of
> software to accidentally leak that kind of data.
>
> That said, if there are bugs in the software that allow unauthorized users
> to join meetings at will, then it's possible that a bug may exist that
> allows you to identify the IP address of your peers in a given meeting.
> This would be an interesting question for Zoom's customer service team,
> since allowing other users to see your IP opens up some severe privacy
> concerns. Personally I'd be interested just to know how they respond to
> such a question.
> -Ben
>
> On Sun, Apr 5, 2020 at 6:09 PM Mark Allyn <allyn at well.com> wrote:
>
> > Folks:
> >
> > I don't know if this is the right forum or not to ask this, but I am
> > curious about this so-called Zoombombing that's been creeping up.
> >
> > I was at a Zoom meeting that did get bombed with porn on Saturday.
> > Luckily, the host was able to kick them off very quickly.
> >
> > However, this leads me to a question.
> >
> > If I happen to have had another machine on my network running a sniffer,
> > something like Snort, would I have got the IP address of whoever
> > Zoombombed the meeting I was on?
> >
> > In a system like Zoom, do all of the videos come together to my desktop
> > or do they go to the host first and then out to the guests? Who would
> > see the source IP addresses of those who connect (including the
> > Zoombomber) if they had a Snort or other sniffer running on their
> > network?
> >
> > If this is not a good forum for something like this, would anyone know
> > what forum I could take this to? Would it be DorkbotPDX?
> >
> > Thank you
> >
> > Mark
> >
> > --
> > Mark Allyn
> > Bellingham, Washington
> > www.allyn.com
> > _______________________________________________
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
>
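
An added illustration of the relay model described in Ben's quoted reply (not part of the original thread, and not Zoom's code): a minimal UDP relay on loopback, recording which source addresses each party actually observes. The function names are hypothetical, and because everything runs on 127.0.0.1 the endpoints are told apart by port rather than by IP.

```python
import socket

def udp_socket():
    """UDP socket on an ephemeral loopback port, with a timeout so nothing hangs."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    s.settimeout(2)
    return s

def run_relay_demo(n_clients=3):
    """Return (relay address, addresses the relay saw, sources each client saw)."""
    relay = udp_socket()
    relay_addr = relay.getsockname()
    clients = [udp_socket() for _ in range(n_clients)]
    try:
        # Each participant sends its (constructed) media frame only to the relay.
        for i, c in enumerate(clients):
            c.sendto(f"frame from participant {i}".encode(), relay_addr)

        # Relay side: every packet arrives with its sender's real address,
        # so the relay's view (and its logs) contains all participants.
        inbox = [relay.recvfrom(2048) for _ in clients]
        seen_by_relay = {addr for _, addr in inbox}

        # Fan out each frame to the other participants. The relay is the
        # sender of these packets, so its address is the source they carry.
        for data, sender in inbox:
            for dest in seen_by_relay - {sender}:
                relay.sendto(data, dest)

        # Participant side: what a sniffer next to each client would record.
        seen_by_client = {}
        for c in clients:
            sources = {c.recvfrom(2048)[1] for _ in range(n_clients - 1)}
            seen_by_client[c.getsockname()] = sources
    finally:
        for s in [relay, *clients]:
            s.close()
    return relay_addr, seen_by_relay, seen_by_client

if __name__ == "__main__":
    relay_addr, seen_by_relay, seen_by_client = run_relay_demo()
    print("relay:", relay_addr)
    print("relay saw participants:", sorted(seen_by_relay))
    for client, sources in seen_by_client.items():
        print(f"participant {client} saw traffic only from:", sorted(sources))
```

In this model the only place all participant addresses exist together is the relay, which is why tracing a disruptive participant depends on the service's own connection logs rather than on a capture taken at another participant's network.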


