Millions of webcams at risk to spying can be secured after Zoom app issues fix

Security bug in video conference app means an estimated 4 million Apple Mac computers are at risk to cyber spies

Anthony Cuthbertson
Wednesday 10 July 2019 10:44 EDT
Comments
Webcams on Apple Mac computers were compromised by the security flaw with the Zoom app
Webcams on Apple Mac computers were compromised by the security flaw with the Zoom app (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A popular video conference app has issued a security fix after a researcher discovered a major flaw that allowed hackers to spy on people through their webcams.

The Zoom app used a local web server when installed on Mac devices, meaning people were able to join video calls without permission.

Software engineer Jonathan Leitschuh uncovered the security bug, which he estimated could affect more than 4 million people.

To address the issue, Zoom rolled out a patch on Tuesday that completely removes the local web server from Mac computers.

In order to implement the fix, users will need to update the app. Users will also be able to completely uninstall Zoom and remove the web server from their device by clicking on a new menu option labelled 'Uninstall Zoom'.

Zoom will also release a second update on Friday that will allow people to choose whether the video turns on by default when the app is opened up.

Zoom's initial response to the discovery was criticised by the researcher, who claimed the app was putting usability ahead of people's security.

After reporting the vulnerability to Zoom in March, Mr Leitschuh claimed the app responded slowly and only implemented a flawed "quick fix" solution that did not fully address the issue.

"Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner," he wrote.

"An organisation of this profile and with such a large user base should have been more proactive in protecting their users from attack."

A serious vulnerability with the Zoom video conference app could allow hackers to spy on people through their webcams
A serious vulnerability with the Zoom video conference app could allow hackers to spy on people through their webcams (Getty Images/iStockphoto)

After expressing his criticism in the blog post, Mr Leitschuh had subsequent conversations with Zoom that seem to have led to the security fix being issued.

"The conversation with the Zoom CEO... was incredibly productive," he tweeted on Tuesday.

"It feels like an about face on their previous position on this vulnerability. It's really encouraging to see a CEO willing to jump into a call with a bunch of strangers to take responsibility."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in