Wolfhound Security: Zoom video vulnerability

I recommend Zoom to people for video conferencing. It has features I like, and Skype for Business didn't work for me, especially on a Mac. There's a new vulnerability in Zoom that might make me think that my recent dabbling with Teams might go further.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Yes, there are options to Zoom. Amazon's Chime maybe?? I've tried Jitsi and that didn't seem too bad. Hard to say.

In the meantime -- as the Zoom article suggests, disable automatic video on connection to a conference, just in case.

And as always when yo have a camera setup:

don't point the camera at confidential information
if you do point it at a whiteboard, make sure you wipe it before walking away
think about what else a camera might tell an attacker
disconnect the camera when you're not using it, if you can
cover the camera when you're not using it

Monday, 8 July 2019

Zoom video vulnerability

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.