Keywords: Zoom; digital artifacts; exploitation; malware; phishing; vulnerabilities

Source: DOI:10.1111/1556-4029.15185

Abstract:
The post-attendee Uniform Resource Locator (URL) feature of the Zoom video conferencing application is often overlooked by digital forensic experts as a potential vector for malware transmission. Because it redirects webinar participants to any URL the host sets for the webinar, the post-attendee URL can be abused by bad actors to expose participants to malicious websites or, in the worst case, to force participants to download a file by pointing the setting at a direct download link. This study shows how the abuse can be replicated in an experimental environment of four Windows 10 desktops running Zoom version 5.7.5: a webinar was created with four user accounts acting as participants, and the post-attendee URL was set to the URL of a website that contained a keylogger. In a second trial the same environment was used, the only difference being that the post-attendee URL was set to a direct download link for a .jpg file. In both trials, every user account that joined the webinar by clicking the invitation link emailed to it after registration was redirected to the post-attendee URL regardless of its user account role. These results not only demonstrate that the post-attendee URL can be exploited, but also provide insight into how this type of attack can be prevented.
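The abstract's prevention angle comes down to one control: never let an attendee be sent to a host-chosen URL that the organisation has not vetted. The following is an added example, not code from the paper or from Zoom, of a policy check that a webinar administrator could run over the configured post-attendee URL before the webinar goes live. It assumes the URL has already been obtained from the webinar's settings; the allowlisted hostname, the download extensions and the query-parameter hints are illustrative assumptions, and the sample URLs are constructed.

```python
# Added example (not from the paper or from Zoom): policy check for a webinar
# post-attendee URL. The allowlisted host, the extension list and the query
# hints are assumptions chosen for illustration, not values from the study.
from urllib.parse import urlsplit, parse_qs

# Assumption: only organisation-owned survey hosts may receive redirected attendees.
ALLOWED_HOSTS = {"surveys.example.org"}

# Extensions a browser will typically save to disk rather than render. ".jpg"
# is included because the study's second trial used a direct download link
# to a .jpg file; an allowlisted host does not make a file download acceptable.
DOWNLOAD_EXTENSIONS = {".exe", ".msi", ".bat", ".ps1", ".js", ".jar", ".zip",
                       ".7z", ".rar", ".iso", ".scr", ".hta", ".dll", ".jpg"}

# Query parameters that commonly turn a page view into a forced download.
DOWNLOAD_QUERY_HINTS = {("dl", "1"), ("download", "1"),
                        ("export", "download"), ("attachment", "1")}


def _host_allowed(host, allowed):
    """True if host equals an allowlisted name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def classify_post_attendee_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return {'verdict': 'allow'|'block', 'reasons': [...]} for a candidate URL.

    Every failed check is recorded, so an administrator sees all the reasons a
    URL was rejected rather than only the first one.
    """
    reasons = []
    parts = urlsplit(url.strip())

    # 1. Transport: a plain-http landing page can be rewritten in transit.
    if parts.scheme.lower() != "https":
        reasons.append(f"scheme {parts.scheme!r} is not https")

    # 2. Destination: the keylogger site in the study's first trial is caught
    #    only by this check, since nothing in its URL looks like a download.
    #    urlsplit().hostname ignores userinfo, so "trusted@evil" is not fooled.
    host = parts.hostname or ""
    if not host:
        reasons.append("no hostname")
    elif not _host_allowed(host, allowed_hosts):
        reasons.append(f"host {host!r} is not on the allowlist")

    # 3. Direct download indicators in the path ...
    path = parts.path.lower()
    for ext in sorted(DOWNLOAD_EXTENSIONS):
        if path.endswith(ext):
            reasons.append(f"path ends with download extension {ext!r}")
            break

    # ... and in the query string.
    query = parse_qs(parts.query.lower(), keep_blank_values=True)
    for key, value in sorted(DOWNLOAD_QUERY_HINTS):
        if value in query.get(key, []):
            reasons.append(f"query {key}={value} forces a download")

    return {"verdict": "block" if reasons else "allow", "reasons": reasons}


# Constructed sample settings, in the spirit of the study's two trials plus
# the benign case an organisation actually wants.
SAMPLE_URLS = [
    "https://surveys.example.org/feedback?id=42",            # legitimate survey
    "https://files.example.net/report.jpg?dl=1",              # direct download, off-site
    "https://surveys.example.org@evil.example/feedback",      # userinfo trick
    "http://surveys.example.org/feedback",                    # right host, no TLS
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        result = classify_post_attendee_url(sample)
        print(result["verdict"].upper(), sample)
        for reason in result["reasons"]:
            print("   -", reason)
```

The check is deliberately conservative: it inspects only the configured URL and does not follow it, so a legitimate-looking page on a non-allowlisted host is still blocked, which is the only way to catch the study's first trial, where the malicious site served a keylogger from an ordinary web page. Following the redirect chain at review time would add coverage but would also touch attacker infrastructure from the reviewer's network.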