A nasty Zoom security flaw lets any website turn on your Mac’s camera without you ever knowing

Yikes.


Webcams were a mistake. Seriously, there are so many reasons why. But thinking of a few off the top of my head – there’s this, this and this. Are you with me now? Well, the hits keep on coming.

The latest comes from security researcher Jonathan Leitschuh, who lays out the details in a Medium post explaining a crazy zero-day vulnerability that lets any malicious website basically turn on your Mac’s webcam without your permission. Yeah, uh, not good.

For those of you out of the loop, Zoom is an extremely popular cloud-based video conference platform that offers people and businesses chat, video, and audio conferencing tools. It’s basically like Google Meet, but a lot more popular. Roughly four million users use it for Mac, which is the prime target for this vulnerability.

As to how the hack works, Leitschuh sums it up here in his blog post:

“This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.”

There’s a whole lot more to this security flaw, so here’s a quick rundown of everything you need to know: 

  • The flaw was first discovered by Leitschuh back in March
  • Even if the user had the Zoom client uninstalled on their Mac, the app could easily be reinstalled
  • For a quick fix to patch up the vulnerability, Leitschuh recommends users go into their settings and switch off “turn off my video when joining a meeting”

That last bullet point is the best way to protect yourself from this security flaw, as of right now. Zoom still doesn’t have the best solution for this yet, which they admitted to Forbes.

“If an attacker is able to trick a target user into clicking a web link to the attacker’s Zoom meeting ID URL, either in an email message or on an internet web server, the target user could unknowingly join the attacker’s Zoom meeting.”

So yea, if you’re on a Mac and at one point in time had Zoom installed on your machine, immediately head into your Zoom settings and toggle “turn off my video when joining a meeting.” It’s either that or having some rando that probably looks like Curtis watching you from your webcam.

UPDATE: Zoom released a patch on July 9 that should resolve this whole mess.


Founder & Editor. Email me at kevin@knowtechie.com
