Video conferencing App Zoom Left Apple Max Users Vulnerbable to Webcam Hackers
Zoom, a video conferencing app that went public earlier this year, left a security flaw open that would allow hackers to access and control Apple Mac webcams and microphones. Millions of Zoom users are affected by this vulnerability which was discovered by engineer Jonathan Leitschuh and posted on website Medium. Ringcentral users are also affected by this security bug.
How the Bug Works
The security bug allows hackers to initiate a video call with Mac users without their permission. It does this by taking advantage a call invitation feature. Zoom users can send conference call participants a link inviting them to join a voice or video call. Hackers are able to exploit this feature using Zoom to begin a video call through the app even if the invitee had not accepted. The device’s webcam could then be activated, without their permission.
The Zoom security bug could be further exploited to embed advertisements or be used as part of a phishing campaign.
Who Uses Zoom? ?
Zoom is a competitor to conferencing apps like Skype and Google Hangouts. The conferencing a app is used by individuals and corporations alike. It also has a product tailored for use in K – 12 schools. In 2015, over 40 million people had used Zoom according to the company. About 750,000 companies worldwide that use the video conferencing app including Uber, Nasdaq, the UD Department of Energy, and the US Department of Homeland Security. Zoom has free and paid plans available for larger users or more features.
Which Laptops are Affected by the Webcam Hack? ?
This security flaw only affects Apple Mac devices. It does not affect Android devices.
How Are Webcams Used to Spy? ?
Webcams can be hacked through cyber security flaws in hardware and software. Hackers take over webcams to spy on and record the whereabouts and activities of targets. This is not the first hack where webcams could be compromised and activated without the device owner’s knowledge. In May 2019, it was discovered that messaging app WhatsApp could be infected with malware that gave hackers access to the phone cameras as well as personal data on the infected device.
What is Zoom? ?
Zoom is an audio and video conferencing app for desktop and mobile devices. The company is headquartered in San Jose, California and is publicly traded as of spring 2019. Zoom is one of the most valuable IPOs of 2019, bigger than Lyft or Pinterest. The software is cloud based on works on Android and Apple devices. Zoom is used by individuals and companies for collaboration through video conferencing, voice calls, chat, and screen sharing conferences.
Is Zoom Safe to Use?
The flaw affects all Apple Mac users who use Zoom. Update all Zoom installations to safeguard computers. This issue was first reported to Zoom in March 2019, but the company did consider it as a security concern at the time.
According to Leitschuh, “ Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”
The company was expected to release a security patch on 9 July to fix the flaw. Updating apps should prevent hackers from hijacking Mac webcams via Zoom.
How to Update MacBook Apps?
- Click the App Store icon in the dock to launch the Mac App store
- Click the Updates tab along the left-hand column of the Mac App Store window
- Check the Updates tab for a notification
- Choose which apps to accept patches for or click Update All to accept all available security updates
Michelle writes about cyber security as well as how to protect data online. She has worked in internet technology for over 20 years Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers