A nasty Zoom security flaw lets any website turn on your Mac’s camera without you ever knowing
Yikes.

Webcams were a mistake. Seriously, there are so many reasons why. But thinking of a few off the top of my head – there’s this, this, and this. Are you with me now? Well, the hits keep on coming.
The latest comes from security researcher Jonathan Leitschuh, who lays out the details in a Medium post explaining a crazy zero-day vulnerability that lets any malicious website hack your Mac’s webcam without your permission. Yea, uh, not good.
https://twitter.com/mathowie/status/1148391109824921600
For those of you out of the loop, Zoom is an extremely popular cloud-based video conference platform that offers people and businesses chat, video, and audio conferencing tools. It’s basically like Google Meet, but a lot more popular. Roughly four million users use it for Mac, which is the prime target for this vulnerability.
As to how the hack works, Leitschuh sums it up here in his blog post:
“This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.”
There’s a whole lot more to this security flaw, so here’s a quick rundown of everything you need to know:
- The flaw was first discovered by Leitschuh back in March
- Even if the user had the Zoom client uninstalled on their Mac, the app could easily be reinstalled
- For a quick fix to patch up the vulnerability, Leitschuh recommends users go into their settings and switch off “turn off my video when joining a meeting”

That last bullet point is the best way to protect yourself from this security flaw, as of right now. Zoom still doesn’t have the best solution for this yet, which they admitted to Forbes.
“If an attacker is able to trick a target user into clicking a web link to the attacker’s Zoom meeting ID URL, either in an email message or on an internet web server, the target user could unknowingly join the attacker’s Zoom meeting.”
So yea, if you’re on a Mac and at one point in time had Zoom installed on your machine, immediately head into your Zoom settings and toggle “turn off my video when joining a meeting.” It’s either that or having some rando that probably looks like Curtis watching you from your webcam.
UPDATE: Zoom released a patch on July 9 that should resolve this whole mess.
