Date: 10/07/19
Webcam flaw lets hackers spy on people through Mac Video Conference App Zoom
A major vulnerability in a video conferencing app for Apple Mac computers has been discovered by a security researcher, which if exploited could allow hackers to spy on people through their webcams.
Software engineer Jonathan Leitschuh uncovered the bug within the Zoom app, and warned users that simply uninstalling the app would not fix the issue.
In a Medium post detailing the security flaw, Mr Leitschuh estimated that more than 4 million webcams were at risk, together with 750,000 companies around the world.
"This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission," he wrote.
"Additionally, if you've ever installed the Zoom client and then uninstalled it, you still have a local host web server on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage."
The vulnerability works by exploiting a feature in Zoom that allows people to send a meeting link for a video conference call.
This link essentially allows the site to forcibly initiate a video call through the Zoom app, without the person on the other end having to accept.
"Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner," he wrote.
"An organisation of this profile and with such a large user base should have been more proactive in protecting their users from attack."
Zoom did not respond to a request for comment from The Independent.
In a statement provided to ZDNet, Zoom said that the use of a local web server on Macs was a "workaround" to changes introduced in the Safari 12 web browser.
The firm called it a "legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator".
While uninstalling the app would not prevent the vulnerability from being exploited, Mr Leitschuh noted that users could protect themselves by disabling the ability for Zoom to turn on the webcam when joining a meeting.