Bugs in video conference service Zoom let hackers take over a computer's webcam and microphone

Researcher finds two new bugs in Zoom that let hackers take over a computer’s webcam and microphone as the video conferencing service is hit with a string of security compromises

  • Two flaws discovered in Zoom expose audio and video feeds
  • A researcher says that to exploit the flaws a hacker must have local access
  • One exploit gives hackers root access to the target machine 

A researcher discovered two new flaws in video conferencing app Zoom that allow hackers to hijack users’ webcams and microphones.

The flaws were disclosed this week in a report from Patrick Wardle – a former NSA hacker and current principal security researcher at Jamf – and are the latest in a string of security compromises highlighted in recent months.

Previously identified bugs allowed hackers to steal Windows passwords, and another compromised security on Mac devices by allowing hackers to tap into users’ webcam and microphone.

A researcher has found two new flaws in video conferencing app Zoom that let hackers tap into audio and video feeds. Pictured: Zoom CEO Eric S. Yuan

Two new flaws in video conferencing app Zoom expose audio and video feeds, according to an ex-NSA hacker. Pictured: Zoom CEO Eric Yuan, seen here at the firm’s IPO in New York last April

A new set of flaws detailed by Wardle and highlighted by TechCrunch involves a hacker gaining physical access to a victim’s computer running macOS.

Once a hacker has access to the machine, they can exploit flaws in Zoom’s installer to gain root access to the device.

From there, the attacker would have access to the underlying operating system and could easily install and run malware or spyware without being detected.

A second bug identified by Wardle, which also involves physical access to the machine, compromises audio and video feeds in Zoom.

By injecting malicious code into Zoom, Wardle says a hacker could trick the service into handing over webcam and microphone access to another user.

‘No additional prompts will be displayed, and the injected code was able to arbitrarily record audio and video,’ writes Wardle in his post.

The bugs, reported by Wardle on Wednesday, have not yet been patched since 

‘Given the current worldwide pandemic and government sanctioned lock-downs, working from home has become the norm for now. Thanks to this, Zoom, ‘the leader in modern enterprise video communications’ is well on its way to becoming a household verb, and as a result, its stock price has soared!,’ writes Wardle in a post.

‘However if you value either your (cyber) security or privacy, you may want to think twice about using (the macOS version of) the app.’ 
