Zoom, the popular video call service, has had a number of privacy and security issues over the years, and we’ve seen several very recently as Zoom usage has skyrocketed during the coronavirus pandemic. Now two new bugs have been discovered that allow hackers to take control of Macs, including the webcam, microphone, and even full root access.
Mar 01, 2018 A hacker can take over your camera to snoop and take pictures, as federal prosecutors disclosed in the case of an Ohio man in January.
Update 4/2: Zoom has issued an apology for its privacy and security gaffes, patched these two most recent Mac bugs, and laid out a plan for the next 90 days to improve the service.
But if you’re still wanting to switch to another option, check out our roundup of 10 Zoom alternatives here.
Reported by TechCrunch, the new flaws were discovered by ex-NSA hacker Patrick Wardle, now principal security researcher at Jamf, who detailed his findings on his blog Objective-See.
Wardle goes through a history of Zoom’s privacy and security issues like the webcam hijacking we saw last summer, the calls not actually being end-to-end encrypted as the company claims, the iOS app sending user data to Facebook, and more.
That brings us to today. Wardle’s new bug discoveries mean Macs are vulnerable to webcam and mic takeover again, in addition to an attacker gaining root access to a Mac. It does have to be a local attack, but the bug makes it relatively easy for an attacker to gain total control in macOS through Zoom.
As such, today when Felix Seele also noted that the Zoom installer may invoke the AuthorizationExecuteWithPrivileges API to perform various privileged installation tasks, I decided to take a closer look. Almost immediately I uncovered several issues, including a vulnerability that leads to a trivial and reliable local privilege escalation (to root!).
Wardle describes the entire process in technical detail if you’re interested but the flaw comes down to this:
To exploit Zoom, a local non-privileged attacker can simply replace or subvert the runwithroot script during an install (or upgrade?) to gain root access.
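The root cause in that description is a script that runs as root while sitting somewhere an unprivileged user can write. The following check is an added example, not code from Zoom, Wardle, or this article: it audits a script and every directory above it for ownership and write bits. The function names and the constructed staging directory are assumptions; only the script name `runwithroot` comes from the text.

```python
import os
import stat
import tempfile

def replaceable_by_others(path, trusted_uids=(0,)):
    """List (path, problem) pairs showing who besides trusted_uids can swap `path`.

    The file and every ancestor directory are checked: write access to any
    directory on the way lets a user rename or replace what sits below it.
    """
    findings = []
    current = os.path.realpath(path)   # resolve symlinks such as /tmp on macOS
    child_owner = None                 # owner of the entry below `current`
    while True:
        st = os.lstat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory lets only an entry's owner (or the directory's
        # owner, checked above) remove or rename that entry.
        sticky_ok = is_dir and st.st_mode & stat.S_ISVTX and child_owner in trusted_uids
        if loose and not sticky_ok:
            findings.append((current, "writable by group or other"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        child_owner, current = st.st_uid, parent

def demo():
    """Constructed staging directory holding a stand-in for a root-run script."""
    staging = os.path.realpath(tempfile.mkdtemp(prefix="pkg-scripts-"))
    script = os.path.join(staging, "runwithroot")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(script, 0o755)
    me = (0, os.getuid())              # assumption: treat the current user as trusted
    inside = lambda found: [f for f in found if f[0].startswith(staging)]
    results = {"private": inside(replaceable_by_others(script, me))}
    os.chmod(staging, 0o777)           # anyone may now replace the script
    results["open_dir"] = inside(replaceable_by_others(script, me))
    os.chmod(staging, 0o1777)          # sticky bit: only owners may replace it
    results["sticky"] = inside(replaceable_by_others(script, me))
    # What matters before running as root: is anything owned by a non-root user?
    results["root_only"] = inside(replaceable_by_others(script, (0,)))
    return staging, results

if __name__ == "__main__":
    for name, found in demo()[1].items():
        print(name, found)
```

An installer helper would run this with the default `trusted_uids=(0,)` and refuse to execute the script if any finding is returned.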
Then, a second flaw Wardle discovered allows hackers to access a Mac’s camera and mic and even record the screen, all without a user prompt.
Unfortunately, Zoom has (for reasons unbeknown to me), a specific “exclusion” that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This gives malicious code a way to either record Zoom meetings, or worse, access the mic and camera at arbitrary times (without the user access prompt)!
Zoom didn’t respond to TechCrunch after a request for comment. With the millions of people using Zoom with the current global health crisis, hopefully, we see a fix real fast!
If you’re super conscious about protecting your privacy, one thing you can do is cover up the camera on your laptop when it’s not being used — there are even commercial covers you can buy for this purpose. But beware: Apple is now warning that using a camera cover could permanently damage your MacBook display.
Back in 2016, Facebook founder Mark Zuckerberg made headlines after sharing a photo of himself in which a taped-up MacBook could be seen on his desk.
The idea is that if the webcam (and/or microphone) on your laptop is taken over by a hacker or an overreaching app, physically blocking them ensures that you can’t be secretly recorded without your knowledge.
But it seems that MacBooks are designed in such a way that placing extra thickness between your display and keyboard could cause the screen to crack.
“Closing your Mac notebook with a camera cover on it might damage your display,” Apple warns in a new support note spotted by MacRumors. “If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances.”
Blocking the camera can also mess up the MacBook’s ambient light sensor and cause issues with features like automatic brightness adjustment and True Tone.
A Redditor named koolbe found this out the hard way. After buying an upgraded 16-inch MacBook Pro, koolbe put a commercial cover over the camera and put the laptop in a padded backpack for transport. When the laptop was opened up later, there was a vertical crack under the webcam and the display was unusable — it takes minutes for the screen to be updated when it changes.
Instead of physically covering your camera, Apple recommends that you pay attention to the indicator light and the camera’s privacy settings.
“The camera is engineered so that it can’t activate without the camera indicator light also turning on,” Apple says. “This is how you can tell if your camera is on.”
But if your work requires you to cover your camera, Apple says you should use a cover that’s no thicker than standard printer paper (about 0.1mm).