Cisco Webex bugs allow attackers to join meetings as ghost users

Cisco plans to fix three vulnerabilities in the Webex video conferencing app that can allow attackers to sneak in and join Webex meetings as ghost users, invisible to other participants.

See also

Questions that still need to be asked as governments tap tech to contain coronavirus

Some compromise in personal privacy has been deemed necessary in countries such as Singapore, Taiwan, and South Korea that have turned to technology to aid in contact tracing and movement monitoring, but there are questions citizens should still ask to protect their cyber wellbeing.

Read now

The vulnerabilities were discovered earlier this year by security researchers from IBM, who conducted a review of remote working tools the tech software giant was using internally during the coronavirus pandemic.

Researchers said the three bugs, when combined, would have allowed an attacker to:

1. Join a Webex meeting as a ghost user, invisible to others on the participant list, but with full access to audio, video, chats, and screen sharing.
2. Remain in a Webex meeting as a ghost audio user even after being expelled from it.
3. Obtain information on meeting participants, such as full names, email addresses, and IP addresses. This information could also be obtained from the meeting room lobby, even before the attacker was admitted to a call.

IBM researchers said the bugs reside in the "handshake" process that takes place when new Webex meetings are established.

Attackers who gained access to a meeting URL can connect to a Webex server, send malformed packets, and manipulate the server into gaining access to meetings and participants' details.

"In our analysis, we identified the specific values of the client information that could be manipulated during the handshake process to make the attendee invisible on the participants' panel," the IBM research team said in a report shared with ZDNet.

"We were able to demonstrate the ghost attendee issue on MacOS, Windows, and the iOS version of Webex Meetings applications, and Webex Room Kit appliance," the researchers added.

Mitigating circumstances include the fact that the vulnerabilities can only be exploited if attackers know the URLs of scheduled Webex meetings with unique meeting URLs and Webex Personal Rooms.

However, IBM researchers say that "personal rooms may be easier to exploit because they are often based on a predictable combination of the room owner's name and organization name."

Cisco will be releasing patches today for the three Webex vulnerabilities reported by the IBM team — namely CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419.

Besides Zoom, Cisco Webex is one of the apps that came on top after the COVID-19 pandemic. It is being reported that Webex usage grew 451% this year, and that at its peak, Webex hosted as many as 4 million meetings in a single day, with as many as 324 million users.

A video summarizing the IBM team's work is also available below:

Security

Do you need antivirus on Linux?

6 ways to protect yourself from getting scammed online, by phone, or IRL

The best VPN free trials for 2024

8 habits of highly secure remote workers

How to find and remove spyware from your phone

• Do you need antivirus on Linux?
• 6 ways to protect yourself from getting scammed online, by phone, or IRL
• The best VPN free trials for 2024
• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone