Zoom video conferencing software has more problems than a secret Web server on the Mac. Even on Windows, websites you visit may be filming without your permission. All you have to do is click on a link. This problem also affects Macs.
While earlier reports indicated that Zoom's issues were specific to MacOS, Windows is also vulnerable. If Zoom is configured to turn your camera on in meetings by default, someone can embed a zoom link in a web page and record it instantly. This would work on either Windows or Mac.
Zoom insists that there is "no evidence that this ever happened". The company considers this a feature and states that you have been given permission if your Zoom client is configured to automatically turn on your webcam when you join a meeting.
The proof-of-concept website by Jonathan Leitschuh demonstrates this. If you have installed the zoom software and are accessing the website, the zoom software starts, automatically participates in the meeting, and begins recording with your webcam. In the case of macOS, this behavior will be displayed even if you have previously uninstalled Zoom, since Zoom will run on a secret Web server after uninstalling. But even under Windows, Zoom will start if you have it currently installed.
At first, Jonathan Leitschuh's middle contribution seemed to indicate that this problem only existed under MacOS. However, in a tweet, he clarified something else:
IND WINDOWS & MAC USERS 🚨
If you've checked this box in a browser other than Safari, you're also vulnerable. pic.twitter.com/FbG2efEe0R
̵1; Jonathan Leitschuh (@JLgliding shoe) July 9, 2019
We tested this by installing the Zoom software and its proof-of -Concept website using Google Chrome.
The first time you visit, you'll be asked to open the Zoom app – assuming you have not installed Zoom. If you enable "Always open this type of links in the app", you will experience problems. This is a box that almost anyone would consider to skip extra clicks in the future.
The next time we visited the site, Zoom automatically came to our meeting and launched our webcam. We did not click on any prompts and did not approve. Without your intervention, malicious websites could easily record you as long as you have installed Zoom.
You will see the zoom window and it is clear that you are being recorded. However, a malicious Web site could take some of your videos before you finish videoconferencing.
This is a big problem. We recommend uninstalling Zoom if you do not use it frequently. If it needs to be installed, you can enable the "Disable video when attending meetings" option on the "Video" tab in the "Zoom" window to prevent this.
Under macOS, do not forget to search for the webserver and uninstall it as well.
Unfortunately, Zoom's official response to the situation seems to indicate that the company sees this as a function rather than a problem. Hopefully, it will soon understand the full severity of the problem and change course.
RELATED: How To Determine If Zoom Is Running (And Removing) A Secret Web Server On Your Mac