A nasty Zoom security flaw lets any website turn on your Mac’s camera without you ever knowing
The latest comes from security researcher, Jonathan Leitschuh, who lays out the details in a Medium post explaining a crazy zero-day vulnerability that lets any malicious website basically hack your Mac’s webcam without your permission. Yea, uh, not good.
This Zoom vulnerability is bananas. I tried one of the proof of concept links and got connected to three other randos also freaking out about it in real time. https://t.co/w7JKHk8nZypic.twitter.com/arOE6DbQaf
— Matt Haughey (@mathowie) July 9, 2019
For those of you out of the loop, Zoom is an extremely popular cloud-based video conference platform that offers people and businesses chat, video, and audio conferencing tools. It’s basically like Google Meet, but a lot more popular. Roughly four million users use it for Mac, which is the prime target for this vulnerability.
As to how the hack works, Leitschuh sums it up here in his blog post:
“This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.
There’s a whole lot more to this security flaw, so here’s a quick rundown of everything you need to know:
- The flaw was first discovered by Leitschuh back in March
- Even if the user had the Zoom client uninstalled on their Mac, the app could easily be reinstalled
- For a quick fix to patch up the vulnerability, Leitschuh recommends users go into their settings and switching off “turn off my video when joining a meeting”
That last bullet point is the best way to protect yourself from this security flaw, as of right now. Zoom still doesn’t have the best solution for this yet, which they admitted to Forbes.
“If an attacker is able to trick a target user into clicking a web link to the attacker’s Zoom meeting ID URL, either in an email message or on an internet web server, the target user could unknowingly join the attacker’s Zoom meeting.”
So yea, if you’re on a Mac and at one point in time had Zoom installed on your machine, immediately head into your Zoom settings and toggle “turn off my video when joining ameeting.” It’s either that or having some rando that probably looks like Curtis watching you from your webcam.
- Another Florida city has agreed to pay a massive ransom to hackers
- Hollywood Hacks: Remembering that time NCIS gave us the greatest hacking scene ever
- Hackers have stolen years worth of phone records in a “massive espionage campaign”
- Radiohead just flexed on hackers by releasing 18 hours of pirated music