Sign In

Communications of the ACM

ACM TechNews

A Zoom Flaw Gives Hackers Easy Access to Your Webcam


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Zoom Video Communications provides remote conferencing services via the cloud.

Hackers can still exploit vulnerabilities in the Zoom videoconferencing desktop app to commandeer a user's Webcam, a security researcher warns.

Credit: Mark Lennihan/AP

Security researcher Jonathan Leitschuh warns hackers can exploit vulnerabilities in the Zoom videoconferencing desktop app to commandeer a user's Webcam.

Using this technique, attackers can set up a malicious call and fool Zoom users on Apple computers into clicking a link to participate, then add their video feed to monitor whatever the Webcam is directed toward.

Leitschuh said hackers also could launch denial-of-service attacks against Mac computers, using the same technique to inundate them with 'join' requests.

Although Zoom patched this flaw several months ago, it is only now adjusting auto-join video settings, to give users a more prominent way of opting to have video feed automatically launch when they click a call link.

Leitschuh said the patch cannot resolve privacy issues, or the underlying insecurity of the seamless flow that allows Zoom to launch calls from meeting URLs.

From Wired
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found