
Hackers can hijack your Mac webcam with Zoom. Here’s how to prevent it.

12:21, 12 July 2019. Source: vox.com


© Kena Betancur/Getty Images. Less than three months after its IPO, Zoom is facing questions about a major security vulnerability.

If you have Zoom installed on your Mac — or if you ever had it — a website could spy on you or undertake a denial of service attack.

If you have a Mac and you have ever used Zoom video conferencing, you might have a problem — though as of Thursday both Zoom and Apple say they’re fixing it.

On Monday, security researcher Jonathan Leitschuh publicly disclosed a vulnerability in the video-conferencing program Zoom that apparently would allow someone to turn on your Mac’s webcam and force you to join a Zoom call without your permission. In a Medium post, Leitschuh said he initially disclosed the vulnerability to Zoom on March 26, 2019, but the company still failed to resolve it beyond an initial fix he’d first suggested.


Here is, basically, what Leitschuh uncovered:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

In other words, if you have Zoom installed on your Mac — or if you ever had it — a website could spy on you or undertake a denial of service (DoS) attack, where a bad actor could basically hit a user with a barrage of meeting requests and lock up his or her computer. As The Verge explains it, the Zoom app “installs a web server on Macs that accepts requests regular browsers wouldn’t.”
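One way to audit a Mac for the kind of leftover local web server described above, as an added example that is not from the article or from Leitschuh's post: it parses `lsof` output and reports processes listening on the loopback interface that are not on an allowlist. The sample output, the process name `ExampleHelper`, port 8765 and the allowlist contents are constructed for illustration.

```shell
#!/bin/sh
# Report processes that listen on loopback (127.x.x.x, ::1, localhost) and
# are not on an allowlist. A helper that survives an app uninstall, like the
# local web server described in the article, would show up in this list.

# Process names you expect to listen on loopback (assumption; adjust per host).
ALLOWED="cupsd"

# Constructed sample in the format printed by: lsof -nP -iTCP -sTCP:LISTEN
sample_lsof() {
  cat <<'EOF'
COMMAND        PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
cupsd          201 root    6u IPv6 0xaaaa      0t0  TCP [::1]:631 (LISTEN)
rapportd       412 alice   4u IPv4 0xbbbb      0t0  TCP *:49152 (LISTEN)
ExampleHelper  733 alice  10u IPv4 0xcccc      0t0  TCP 127.0.0.1:8765 (LISTEN)
EOF
}

# Read lsof output on stdin; print "COMMAND PID PORT" for loopback listeners.
loopback_listeners() {
  awk '$NF == "(LISTEN)" {
         name = $(NF-1)                      # e.g. 127.0.0.1:8765 or [::1]:631
         if (name ~ /^(127\.[0-9.]+|\[::1\]|localhost):[0-9]+$/) {
           port = name
           sub(/^.*:/, "", port)             # keep what follows the last colon
           print $1, $2, port
         }
       }'
}

# Drop allowlisted process names; print whatever is left for review.
unexpected_listeners() {
  loopback_listeners | while read -r cmd pid port; do
    case " $ALLOWED " in
      *" $cmd "*) ;;                         # expected service, skip it
      *) printf '%s pid=%s port=%s\n' "$cmd" "$pid" "$port" ;;
    esac
  done
}

# Demo on the constructed sample. On a real machine, run instead:
#   lsof -nP -iTCP -sTCP:LISTEN | unexpected_listeners
sample_lsof | unexpected_listeners
```

Running the live command before and after uninstalling an application shows whether any listener it installed is still present.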


On Monday, people started to try out the vulnerability … and it worked.

Leitschuh said that when he initially flagged the vulnerability, Zoom defended itself by implying it wanted customers to be able to choose to join a meeting with their microphone and video automatically enabled. But if someone doesn’t get the option to join the meeting in the first place, that’s not much of a choice. According to Leitschuh, Zoom made attempts to patch the vulnerability by preventing an attacker from turning on a video camera, but he was able to discover workarounds that would permit an attacker to force a target to join a call and activate their webcam.


This is a big deal: The flaw could expose up to 750,000 companies and the millions of people who use Zoom.

In response to a request for comment on Monday, Zoom initially pointed Recode to a blog post from the company’s chief information security officer Richard Farley, in which he disputed some of Leitschuh’s claims and downplayed the severity of the vulnerability. But in a separate post on Wednesday, Zoom founder and CEO Eric Yuan said the company had “misjudged the situation” and failed to act quickly enough. He said that on Tuesday, Zoom had updated its Mac app to remove the local web server and allow users to manually uninstall Zoom, and on Wednesday, Apple itself issued an update to remove the Zoom web server from all Macs. Yuan said Zoom has a “planned release” for the weekend that will “address video on by default.” Basically, when you use Zoom for the first time, you can select to always turn your video off, and that will be the saved preference.

Farley on Monday explained how this happened in the first place: Zoom said it developed a local web server as a “workaround” after Apple changed its Safari web browser to require users to confirm they wanted to join video calls before launching them. He defended the decision as a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join-meetings, which is our key product differentiator.”


Yuan said that, to make sure something like this doesn’t happen again, the company will within the next few weeks go live with a program for the public to disclose system vulnerabilities, and will take steps to improve its escalation process when issues are uncovered.

Judging by the way users reacted to the initial news of the flaw, Zoom has some work to do to regain confidence:

What to do about Zoom

Leitschuh outlined how to patch the vulnerability in his Medium post. Basically, you can disable by default Zoom’s ability to turn on your webcam when you join a meeting. He also laid out some terminal commands at the bottom of the post and explained how to test whether your fix is working.

Zoom, which was founded in 2011, went public in April — after Leitschuh first flagged this flaw. The company beat estimates during its first quarterly earnings report as a public company in June and has been among the best-performing tech IPOs of the year. It’s not yet clear how this vulnerability will affect its business overall. The company’s stock price fell by about 1 percent on Tuesday but has since rebounded.
