Zoom Vulnerability: If you’ve ever had Zoom installed on your Mac, you should be careful now: the video conferencing software has a problem. Attackers can use a Zoom vulnerability to activate your webcam without asking, even if the program has been uninstalled. Security researcher Jonathan Leitschuh discovered the vulnerability and reported it in an article on the online platform Medium.
Specifically: anyone who uses a Mac and has ever installed the Zoom video conferencing software is affected by the problem. The security gap remains open even if the program has been uninstalled in the meantime. More than four million users are affected. That’s not surprising: Zoom itself claims that over 750,000 companies use the office software.
Zoom Vulnerability: Spies Can Force Mac Users To Video Call
Leitschuh writes that spies can force users of the software into a video call without notice, which lets them turn on our camera. All the attackers have to do is get us to click on a link that invites us to a video chat. When Zoom is installed, a local web server is also set up. Anyone can then interact with it as soon as users participate in a video chat.
That’s why, according to Leitschuh, the vulnerability continues to exist even after uninstallation: if users remove the app, the server remains in place and automatically reinstalls the software when there is a new video chat request.
Zoom Vulnerability: Is The Company To Blame?
The US company Zoom wanted to make its video conferencing software as easy as possible for its users. In doing so, the company’s developers produced several major security holes. Until recently, it was possible to automatically add a user to a video chat, even without their consent.
So is the company itself responsible for the Zoom vulnerability? Yes. The company explained to ZDNet that Apple’s Safari browser probably asked for user confirmation every time Zoom was used, and Zoom wanted to change that.
At least the developers seem to have done something about the security gap: the program now asks whether the camera should be activated. Zoom also stated in a blog post that it wanted to take further steps.
What Can Users Do Against The Zoom Vulnerability?
Leitschuh says that you can use the terminal command lsof -i :19421 to check whether a local web server is listening on port 19421. The Terminal is opened by clicking on “Programs” in the Dock, selecting Utilities, and then Terminal.
According to current information, if this is the case, the system is probably vulnerable, because this web server can reinstall the uninstalled Zoom application. If an attacker also finds vulnerabilities in the Zoom code, he can remotely install malicious code and access our camera without being asked.
You should then end this server process and, to be on the safe side, delete the .zoomus directory. To prevent possible new installations, users should also set up an empty .zoomus directory in the same place. Alternatively, you can tick the option “Turn off my video when joining a meeting” in the settings. Then the camera should not start with an unwanted video chat.
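The check and cleanup described above, as an added shell example that is not from the article or from Leitschuh: by default it only reports whether anything listens on port 19421 and what state the .zoomus directory is in, and with --apply it ends the listener and leaves an empty directory in its place. The function names, the --apply switch and the assumption that .zoomus sits in the user's home directory are illustrative.

```sh
#!/bin/sh
# Added example (not from the article): audit and neutralise the leftover
# Zoom local web server. Port 19421 and the .zoomus directory come from the
# text; function names and the location under $HOME are assumptions.
ZOOM_PORT=19421

# PIDs listening on TCP port $1; empty when nothing listens or lsof is missing.
zoom_listener_pids() {
    command -v lsof >/dev/null 2>&1 || return 0
    lsof -nP -t -iTCP:"$1" -sTCP:LISTEN 2>/dev/null || true
}

# State of <home>/.zoomus: absent, empty (placeholder in place) or populated.
zoomus_state() {
    dir="$1/.zoomus"
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        echo absent
    elif [ -d "$dir" ] && [ ! -L "$dir" ] && [ -z "$(ls -A "$dir")" ]; then
        echo empty
    else
        echo populated   # real content, a plain file, or a symlink
    fi
}

# Delete <home>/.zoomus and leave an empty directory in the same place.
block_zoomus_dir() {
    [ -n "$1" ] && [ -d "$1" ] || return 1   # refuse an unset or bogus home
    rm -rf "$1/.zoomus" && mkdir "$1/.zoomus"
}

# End the listener, replace the directory, print the resulting state.
remediate() {
    for pid in $(zoom_listener_pids "$ZOOM_PORT"); do
        echo "ending PID $pid listening on port $ZOOM_PORT" >&2
        kill "$pid" 2>/dev/null || true
    done
    [ "$(zoomus_state "$1")" = empty ] || block_zoomus_dir "$1" || return 1
    zoomus_state "$1"
}

# Default run only reports; pass --apply to change anything.
if [ "${1:-}" = "--apply" ]; then
    remediate "$HOME"
else
    echo "port $ZOOM_PORT listeners: $(zoom_listener_pids "$ZOOM_PORT")"
    echo ".zoomus: $(zoomus_state "$HOME")"
fi
```

Run it once without arguments to see the current state, then again with --apply and re-check that the port has no listener and the directory reports as empty.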
This Is What A Holistic Solution Can Look Like
Ultimately, Leitschuh believes that the local webserver solution would probably have to be removed for complete user protection.
“Ultimately, Zoom was unable to confirm the vulnerability quickly, nor did they manage to fix the problem in time and distribute an update to users,” writes the security researcher in conclusion.
Apple Fixes The Problem
Apple has now taken care of closing the security gap itself. The company told the TechCrunch technology site that it had removed the corresponding web server, which initially remained on the computer after uninstalling Zoom.