Tech & Science: Hackers can hijack your Mac webcam with Zoom. Here’s how to prevent it. - PressFrom - United Kingdom

12:20, 12 July 2019. Source: vox.com


© Kena Betancur/Getty Images. Less than three months after its IPO, Zoom is facing questions about a major security vulnerability.

If you have Zoom installed on your Mac — or if you ever had it — a website could spy on you or undertake a denial of service attack.

If you have a Mac and you have ever used Zoom video conferencing, you might have a problem — though as of Thursday both Zoom and Apple say they’re fixing it.

On Monday, security researcher Jonathan Leitschuh publicly disclosed a vulnerability in the video-conferencing program Zoom that apparently would allow someone to turn on your Mac’s webcam and force you to join a Zoom call without your permission. In a Medium post, Leitschuh said he initially disclosed the vulnerability to Zoom on March 26, 2019, but the company still failed to resolve it beyond an initial fix he’d first suggested.


Here is, basically, what Leitschuh uncovered:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

In other words, if you have Zoom installed on your Mac — or if you ever had it — a website could spy on you or undertake a denial of service (DoS) attack, where a bad actor could basically hit a user with a barrage of meeting requests and lock up his or her computer. As The Verge explains it, the Zoom app “installs a web server on Macs that accepts requests regular browsers wouldn’t.”


On Monday, people started to try out the vulnerability … and it worked.

Leitschuh said that when he initially flagged the vulnerability, Zoom defended itself by implying it wanted customers to be able to choose to join a meeting with their microphone and video automatically enabled. But if someone doesn’t get the option to join the meeting in the first place, that’s not much of a choice. According to Leitschuh, Zoom made attempts to patch the vulnerability by preventing an attacker from turning on a video camera, but he was able to discover workarounds that would permit an attacker to force a target to join a call and activate their webcam.


This is a big deal: The flaw could expose up to 750,000 companies and the millions of people who use Zoom.

In response to a request for comment on Monday, Zoom initially pointed Recode to a blog post from the company’s chief information security officer Richard Farley, in which he disputed some of Leitschuh’s claims and downplayed the severity of the vulnerability. But in a separate post on Wednesday, Zoom founder and CEO Eric Yuan said the company had “misjudged the situation” and failed to act quickly enough. He said that on Tuesday, Zoom had updated its Mac app to remove the local web server and allow users to manually uninstall Zoom, and on Wednesday, Apple itself issued an update to remove the Zoom web server from all Macs. Yuan said Zoom has a “planned release” for the weekend that will “address video on by default.” Basically, when you use Zoom for the first time, you can select to always turn your video off, and that will be the saved preference.

Farley on Monday explained how this happened in the first place: Zoom said it developed a local web server as a “workaround” after Apple changed its Safari web browser to require users to confirm they wanted to join video calls before launching them. He defended the decision as a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join-meetings, which is our key product differentiator.”


Yuan said that, to make sure something like this doesn’t happen again, Zoom will go live within the next few weeks with a program for the public to disclose system vulnerabilities, and that the company will take steps to improve its escalation process when issues are uncovered.

Judging by the way users reacted to the initial news of the flaw, Zoom has some work to do to regain confidence.

What to do about Zoom

Leitschuh outlined how to patch the vulnerability in his Medium post. Basically, you can disable by default Zoom’s ability to turn on your webcam when you join a meeting. He also laid out some terminal commands at the bottom of the post and explained how to test whether your fix is working.

Zoom, which was founded in 2011, went public in April — after Leitschuh first flagged this flaw. The company beat estimates during its first quarterly earnings report as a public company in June and has been among the best-performing tech IPOs of the year. It’s not yet clear how this vulnerability will affect its business overall. The company’s stock price fell by about 1 percent on Tuesday but has since rebounded.
