Zoom’s video conferencing software has more problems than a secret web server on Mac. Even on Windows, websites you visit could start filming you without your consent. All you have to do is click a link. This problem affects Macs, too.
While previous reporting seemed to indicate that Zoom’s problems were specific to macOS, Windows is vulnerable, too. If Zoom is configured to turn on your camera by default in meetings, someone could embed a Zoom link in a web page and immediately start recording you. This would work on either Windows or Mac.
Zoom insists it “have no indication that this has ever happened”—yet. The company considers this a feature and says you’ve given permission for this if your Zoom client is configured to automatically turn on your webcam when you join a meeting.
Jonathan Leitschuh‘s proof of concept website demonstrates this. If you have Zoom software installed and go to the website, the Zoom software will launch and automatically join the meeting and start recording with your webcam. In the case of the macOS, you’d see that behavior even if you previously uninstalled Zoom, thanks to a secret web server Zoom leaves running after it’s uninstalled. But, even on Windows, Zoom will launch if you currently have it installed.
At first, Jonathan Leitschuh’s medium post seemed to suggest this issue only existed on MacOS. But he clarified otherwise in a tweet:
🚨 WINDOWS & MAC USERS 🚨
If you’ve ever checked this box on any browser other than Safari, you are vulnerable as well. pic.twitter.com/FbG2efEe0R— Jonathan Leitschuh (@JLLeitschuh) July 9, 2019
We tested this by installing Zoom software and visiting his proof of concept website using Google Chrome.
Read the remaining 12 paragraphs
Source : Zoom Lets Websites Start Filming You Without Your Consent, Even on Windows
