- A former NSA hacker discovered two more bugs that can take control over the Zoom app
- Wardle's new discoveries reveal that local attackers can use the bugs to easily take control of a person's Mac.
- Earlier, it was reported that Zoom sends all its users' data to Facebook
Zoom's popularity has skyrocketed in the past few months due to the coronavirus pandemic. With almost one-third of the world directed to work from home, Zoom has become the most sought-after app for helping people meet their professional commitments. However, despite the adulation the video conferencing app has received, some major security flaws have been discovered in it. A former NSA hacker discovered two more bugs that can take control of a Zoom user's Mac.
Patrick Wardle, an ex-NSA hacker and now a principal security researcher, discovered two new flaws in the Zoom app, as reported by TechCrunch. Wardle's new discoveries reveal that local attackers can use the bugs to easily take control of a person's Mac. One bug can allow the attacker to inject malicious code into the Zoom installer that would allow them to access the person's macOS, while the other bug could control the user's webcam and microphone.
With the first bug, the attacker can run malware and spyware on the computer without the user knowing anything about it. The second bug tampers with Zoom's handling of the microphone and webcam. Zoom asks for the user's permission before it is given access to the webcam and microphone. In this case, the attacker injects malicious code into the app, which tricks it into giving them access to the webcam and microphone that Zoom has retracted from the user. The malicious code then inherits all of Zoom's access rights.
"No additional prompts will be displayed, and the injected code was able to arbitrarily record audio and video. If you care about your security and privacy, perhaps stop using Zoom," Wardle was quoted as saying by TechCrunch.
This wasn't the only flaw discovered in the increasingly popular Zoom video-conferencing app. Earlier, it was reported that Zoom sends all its users' data to Facebook, irrespective of whether the users have Facebook accounts. It was also discovered that calls made through the app are not end-to-end encrypted. There have also been cases of Zoom Bombing in the past, in which an unknown guest with nefarious intentions enters a chatroom.
An FBI agent, Brad Garrett, was quoted by ABC News as saying, "Cybercriminals are targeting video conferencing sites like Zoom, particularly during the COVID-19 pandemic." He alleged that cyber attackers target individuals and impersonate Zoom to illegally acquire information about them and their companies.
Reacting to the FBI's advisory, a Zoom spokesperson said in a statement, "We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen."