A Flaw in the Popular Zoom App
Everyone in today’s world blindly relies on video conferencing for communication. There are thousands of video conferencing apps available on the Internet. Still, users prefer downloading the ones which are either developed by a brand name or have high ratings and reviews on the Apple App Store or Google Play Store.
Zoom is one such trusted video conferencing application specially designed for iOS and Android devices which let users communicate anytime, anywhere.
Despite giving flawless communication capabilities, recently, a security researcher has found an inconsistency in the Zoom app. The app can be used to turn on the Macintosh computer camera without users’ permission.
The vulnerability in the Mac computer allows any malicious website to enable the Mac camera and forcibly join a user to a Zoom call. Due to this flaw in the Zoom app, up to 750,000 companies across the world that uses the app for their day-to-day business meetings have been exposed.
Let’s find out what more this Zoom App flaw is capable of.
User is in Complete Control
In one of the recent articles, Leitschuh, a senior software engineer at Gradle demonstrated how to embed a code on any website so that whosoever lands to that website automatically gets connected to the Zoom meeting with their video cameras running.
However, Zoom’s Chief Information Officer Richard Farley contradicted Leitschuh’s statement in his latest post and disagreed with the fact that the meeting could turn on a participant’s video by default.
Farley wrote that the hosts or participants cannot override the users’ video or audio calls in the middle without getting the camera on or in an off mode. He mentioned that it is difficult for a rogue user to hide their identity and their participation in video conferencing.
He added that the zoom client user interface runs in the foreground, it would be extremely easy to detect that an unknown person has unintentionally joined a meeting. Moreover, in the next zoom upgrade, users can apply settings to their first as well as future video sessions as per their convenience.
Target on Zoom’s Back
According to Leitschuh, it was found that the vulnerability could be used to launch a denial-of-service attack on an individual machine. By doing so, the Mac user would get repeated meeting requests which eventually leads to locking up the computer.
However, Farley denied and said there is no such indication or evidence that this incidence has ever happened in any individual’s Mac. He acknowledged that Zoom released a fix for the problem long back, but the users were not forced to update considering it was a low-risk vulnerability.
Leitschuh isn’t alone and targetting Zoom for the inconsistency, there are other researchers as well who are accepting the fact.
Working Around Poor UX
Farley denoted the “issues” as “changes” stated by Leitschuh, and clarified that before joining any video calling, users were required to confirm they wanted to launch the Zoom client every time they joined a meeting. However, the local web servers were allowed to skip the step and directly join the meeting.
He added that it is a legitimate solution that enables users to have faster and one-click-to-join meetings. This is not easy to remove both the Zoom client and Web server app downloaded on a Mac. However, Farley added, that after the new launch it will be easier to uninstall and deactivate the setting that turns on the camera automatically upon joining a meeting. The user can easily disallow the browser from logging in the Zoom app.
For Mac users who use Zoom frequently, it would be bad news as this vulnerability could result in a privacy nightmare in case their Mac is used for personal reasons. A casual browsing session can be turned into a serious invasion of privacy in the home due to this glitch such as:
- Personal video leaks
- Online credit card information leakage
- Business information can also be leaked which can be too dangerous for the company
How to Avoid Issues!
In order to avoid such issues, it is advisable to update your Zoom app on a regular basis. It is because the upgraded versions often provide Mac or desktop users the new features that are extremely useful.
Simply, login to your Zoom app, click on the name of the Zoom room you want to upgrade, click on the upgrade all option, and confirm the upgrade. Soon, you’ll see that the app version has been upgraded!