
Mac Exploit Activates Web Cam Without your Permission

The Mac version of Zoom, a video conferencing app, has serious flaws that remain unaddressed despite disclosure. When you visit a malicious website, hackers can activate your camera without permission. If you uninstalled Zoom, the malicious site can reinstall it without your interaction.

Security researcher Jonathan Leitschuh noticed that Zoom has the capability to auto-join and start a video session just by visiting a link. He wondered how the company securely accomplished the feat and investigated. He quickly found out that Zoom’s methods weren’t secure at all.

When you install Zoom on a Mac, it creates a web server on your machine. The web server is problematic on multiple levels. With just a few options, Leitschuh put together a proof of concept website. If you have Zoom installed and visit that website, you will be auto-joined to a call, and your webcam activated without any interaction on your part—even if you closed Zoom before clicking the link.

Worse yet, uninstalling Zoom doesn’t remove the web server. The web server can reinstall Zoom on its own as well. So if you visit a malicious link, it can reinstall Zoom, join you to a call, and start your webcam, all without any interaction from you.

You can test this at Leitschuh’s proof of concept, but be advised that if you have Zoom installed, your camera will start and you’ll find yourself joined to a call with other people testing the site. Leitschuh notified Zoom of his findings along with a 90-day disclosure grace period. Unfortunately, the company didn’t do much to fix the problem.

Initially, the company brushed the whole thing off as part of the features it supports. Zoom eventually implemented a mild fix that prevents the camera from turning on, but malicious actors can still force users to join a call and reinstall Zoom.

Richard Sabino (http://itspecialistdr.com)
I like to share Information Technology News and how-to tips with all the people around me. I created this blog to reach the most people I can.
