Zoom users could have their webcam and microphone taken over by hackers due to security flaws in the popular video conferencing app.
A former NSA hacker today revealed two previously undisclosed bugs in Zoom’s software that could allow criminals to hijack a user’s Mac.
One bug lets an attacker inject malicious code into the Zoom installer and so gain access to the Mac’s operating system.
They would then be able to run malware or spyware on the computer without the user noticing.
The second bug means a hacker could hijack Zoom’s access rights on the computer — including its use of the webcam and microphone.
The security flaws, revealed by cyber expert Patrick Wardle, are both local security issues, meaning they can only be fully exploited when an attacker already has a foothold in a vulnerable computer.
The disclosure comes just hours after another bug was exposed that allows a Zoom hacker to steal Windows login details from other users.
The video conferencing app has enjoyed a surge in popularity during the coronavirus crisis as millions of people turn to the software for business calls and socialising.
But the company is also facing greater scrutiny over its cybersecurity amid fears hackers could exploit its growing userbase.
“Zoom has a history of making unsound decisions security-wise, but some of them have gone unnoticed until now,” said cybersecurity expert Graham Cluley.
“This combination of security weaknesses and hacker interest means that high risk targets such as UK government would be wise to re-evaluate whether they should really entrust their communications to Zoom.”
New York attorney general Letitia James has written to Zoom raising concerns over its ability to cope with the sharp increase in users.
James asked the firm whether it had reviewed its security since the surge in popularity as governments imposed lockdowns, and her office noted the app had been slow to address issues in the past.
A Zoom spokesperson said: “We are actively investigating and working to address these issues.
“We are in the process of updating our installer to address one issue and will be updating our client to mitigate the microphone and camera issue.”