Zoom and RingCentral Exploits Allow Remote Webcam Access

Originally published at: https://tidbits.com/2019/07/09/zoom-and-ringcentral-exploits-allows-remote-webcam-access/

Video conference systems Zoom and RingCentral have major vulnerabilities that could trigger your Web cam without permission. Here’s how to patch it yourself.

Thanks for bringing us the solution for this! I use it weekly for a class I teach, and it has worked really well. I have always hosted, though, never joined someone else’s session. All of the specifics and instructions in your article made perfect sense, but when I came to this sentence…

I’m able to still join conferences, but you may have to install the client yourself before joining a conference (the horror!)

I guess I’m reading it wrong, but I’m left asking, “Does Josh mean ‘If you’ve never used Zoom, you may have to install the app but then disable part of it by following these instructions; just using your regular browser won’t/may not work’?”

Thanks again.

Zoom has updated its statement, and is now rushing out an update that will remove the Web server. We’ll update our instructions when that happens.

The purpose of the Web server is to reinstall the client if you’ve uninstalled it, so you may have to take a few more steps to join a conference if you’ve uninstalled the app. I’d rewrite it to be clearer, but when Zoom updates the app to remove the Web server I’ll have to rewrite the article anyway, so…

Blue Jeans uses the same nonsense, and the app has not been updated to remove it (so far, from what I can see):

https://support.bluejeans.com/s/article/BlueJeans-Detector-Service

All of the terminal commands are a bit of overkill; there’s a much simpler way to deal with this. Go to System Preferences --> Users & Groups --> Login Items. You’ll see “Zoom Opener” listed there - just select it and click the “-” to delete it. Then log out or restart your Mac. That will stop the background server from running automatically, but the file will still be in a hidden “.zoomus” folder (to delete that, the terminal command is still useful, but it won’t do anything if you leave it there).

Zoom has released a new version of its client, version 4.4.4 (53932.0709), which offers a complete uninstall option and ditches the hidden server. I’ve updated the article to reflect that update, but I’ve left the Terminal commands for historical reference and in case another bad app pulls a similar stunt.

Or in case, for some unfathomable reason, people are reluctant to download and install yet more software from these known purveyors of malware.

Fool me once…

Now Apple has joined in on the fun, releasing a silent update to kill the Zoom Web server. I’ve updated the article again to reflect that.

I’ve updated the article AGAIN to add more information about the stealth Apple update, and to add instructions from Karan Lyons on how to mitigate the vulnerability in Chrome and Firefox. Really, I just advise updating the Zoom client and uninstalling it entirely, it’ll save you a lot of trouble.

While the second of Leitschuh’s proof of concept links works and dumps me into the conference (audio/video initially both off as set in prefs), the first link just leads me to a page with a broken image link. :confused: