Ex-NSA Hacker Finds Crucial Security Flaws in Zoom
A hacker formerly employed by the NSA has published the findings of his analysis of the popular video conferencing platform Zoom, adding to the growing list of privacy and security concerns surrounding the software.
According to several reports and a Twitter post, security researchers have found a “Zoom bug that can be abused to steal Windows passwords”, while separate analysis has found “two new bugs that can be used to take over a Zoom user’s Mac, including tapping into their webcam and microphone.”
The former NSA hacker, Patrick Wardle, posted details of two bugs on his blog, both of which can be exploited by an attacker who already has a foothold on the machine to take control of a vulnerable Mac. “Once exploited, the attacker can gain and maintain persistent access to the innards of a victim’s computer, allowing them to install malware or spyware,” writes TechCrunch.
“If you care about your security and privacy, perhaps stop using Zoom,” - Patrick Wardle
The news comes as reports begin to surface that several high-profile companies, including Elon Musk’s SpaceX, have banned the use of Zoom for video conferencing, with SpaceX citing security fears for its 6,000 employees.
“Wardle’s first bug piggybacks off a previous Zoom finding,” reports state. “Zoom uses a ‘shady’ technique - one that’s also used by Mac malware - to install the Mac app without user interaction. Wardle found that a local attacker with low-level user privileges can inject the Zoom installer with malicious code to obtain the highest level of user privileges, known as ‘root’ privileges.”
“Almost immediately I uncovered several issues, including a vulnerability that leads to a trivial and reliable privilege escalation,” Wardle wrote on his blog. “To exploit Zoom, a local non-privileged attacker can simply replace or subvert the runwithroot script during an install to gain root access,” he said.
With root access, a malicious third party has full control of the macOS system, including the ability to install malware or spyware on the machine without the user’s knowledge.
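The weakness behind this first bug is a general one: a script that an installer will execute as root is only as trustworthy as the location it is read from, and if an unprivileged user can replace or edit it before root runs it, they can run their own code as root. The following check is an added example, not code from Wardle’s post or from Zoom’s installer; the staging directory and the `runwithroot` file name are constructed here to illustrate the idea, and the trusted uid is set to the current user only so the demo can run without root.

```python
# Added example (not from Wardle's post or Zoom's code): a POSIX check for the
# weakness behind the first bug, a script that will run as root but lives where an
# unprivileged user can replace or edit it. File and directory names are hypothetical.
import os
import stat
import tempfile
from pathlib import Path


def script_trust_issues(script: Path, trusted_uid: int = 0) -> list[str]:
    """Return reasons why a root-executed script is NOT safe to trust.

    A script that root will execute is only trustworthy if the file and the
    directory holding it are owned by the trusted uid (root) and cannot be
    written by anyone else; otherwise a local user can swap in their own code
    before root runs it.
    """
    issues: list[str] = []
    st = script.lstat()
    if stat.S_ISLNK(st.st_mode):
        issues.append("script is a symlink; its target can be redirected")
    if st.st_uid != trusted_uid:
        issues.append(f"script owned by uid {st.st_uid}, not trusted uid {trusted_uid}")
    if st.st_mode & stat.S_IWOTH:
        issues.append("script is world-writable")
    elif st.st_mode & stat.S_IWGRP:
        issues.append("script is group-writable")

    parent_st = script.parent.stat()
    if parent_st.st_uid != trusted_uid:
        issues.append(f"parent directory owned by uid {parent_st.st_uid}, not {trusted_uid}")
    # A directory others can write to lets them unlink and recreate the script,
    # unless the sticky bit restricts deletion to the file's owner.
    if parent_st.st_mode & (stat.S_IWOTH | stat.S_IWGRP) and not parent_st.st_mode & stat.S_ISVTX:
        issues.append("parent directory writable by others; script can be replaced")
    return issues


def demo() -> dict[str, list[str]]:
    """Build a constructed installer staging area and check two layouts.

    Files are created by the current user, so the trusted uid is set to our own
    uid here purely to exercise the mode-bit checks; a real audit keeps the
    default of 0 and runs against the path the installer actually executes.
    """
    me = os.getuid()
    root_dir = Path(tempfile.mkdtemp(prefix="pkg-staging-"))

    # Weak: script in a world-writable directory and itself world-writable,
    # the situation in which any local user can substitute their own payload.
    weak_dir = root_dir / "weak"
    weak_dir.mkdir()
    weak = weak_dir / "runwithroot"
    weak.write_text("#!/bin/sh\necho installing as root\n")
    os.chmod(weak, 0o777)
    os.chmod(weak_dir, 0o777)

    # Hardened: owner-only write on both the script and its directory.
    strong_dir = root_dir / "strong"
    strong_dir.mkdir()
    strong = strong_dir / "runwithroot"
    strong.write_text("#!/bin/sh\necho installing as root\n")
    os.chmod(strong, 0o755)
    os.chmod(strong_dir, 0o755)

    return {
        "weak": script_trust_issues(weak, trusted_uid=me),
        "hardened": script_trust_issues(strong, trusted_uid=me),
    }


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or ["no issues"])
```

The fix on the defender’s side is the same check in reverse: anything a privileged installer executes should be copied into a root-owned, non-writable location (or verified by signature) before it is run, never executed in place from a directory the invoking user controls.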
The second bug that Wardle reported concerns how Zoom protects its own process rather than a webcam or microphone setting as such. Wardle posted that malicious code already running on the machine, even as an unprivileged user, can be injected into the Zoom app, tricking the system into giving the attacker the same webcam and microphone access that Zoom itself enjoys. Once injected, Wardle writes, the code will “automatically inherit” all of Zoom’s access rights, including the webcam and microphone, posing a serious privacy risk.
“No additional prompts will be displayed, and the injected code was able to arbitrarily record audio and video,” Wardle wrote. “If you care about your security and privacy, perhaps stop using Zoom,” he wrote in the blog.
“Unfortunately, Zoom has (for reasons unbeknown to me), a specific ‘exclusion’ that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This gives malicious code a way to either record Zoom meetings, or worse, access to the mic and camera at arbitrary times (without the user access prompt!),” he wrote.
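On macOS the “exclusion” Wardle describes is expressed through the app’s code-signing entitlements, which anyone can dump with `codesign -d --entitlements :- /Applications/zoom.us.app`. The script below is an added example, not Wardle’s code or Zoom’s: it parses that dump (handling the 8-byte blob header older `codesign` versions prepend) and flags the hardened-runtime opt-outs that let foreign code run inside a signed process and inherit its camera and microphone permissions. The list of risky keys is the editor’s choice, and `build_sample` produces synthetic test input, not Zoom’s real entitlements.

```python
# Added example (not Wardle's or Zoom's code): parse the output of
#   codesign -d --entitlements :- /Applications/zoom.us.app > zoom-entitlements.bin
# and flag entitlements that weaken the hardened runtime's protection against
# code injection. The risky-key list and the sample data are the editor's own.
import plistlib
import struct

# Hardened-runtime opt-outs that let foreign code run inside the signed process
# and so inherit whatever TCC permissions (camera, mic) the app already holds.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "unsigned or differently-signed libraries may be loaded into the process",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_INSERT_LIBRARIES and friends are honoured at launch",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "writable+executable memory may be mapped",
}

ENTITLEMENT_BLOB_MAGIC = 0xFADE7171  # CSMAGIC_EMBEDDED_ENTITLEMENTS


def parse_codesign_entitlements(raw: bytes) -> dict:
    """Decode `codesign -d --entitlements :-` output into a dict.

    Older codesign writes an 8-byte blob header (magic + big-endian length) in
    front of the plist; `--xml` on newer macOS omits it. Both forms are handled,
    and an app with no entitlements at all yields {}.
    """
    if len(raw) >= 8 and struct.unpack(">I", raw[:4])[0] == ENTITLEMENT_BLOB_MAGIC:
        raw = raw[8:]
    raw = raw.lstrip()
    if not raw:
        return {}
    return plistlib.loads(raw)


def risky_entitlements(raw: bytes) -> dict[str, str]:
    """Return {entitlement: reason} for every risky entitlement set to true."""
    ents = parse_codesign_entitlements(raw)
    return {key: why for key, why in RISKY_ENTITLEMENTS.items() if ents.get(key) is True}


def build_sample(disable_library_validation: bool) -> bytes:
    """Constructed sample of what codesign emits for an app holding camera and
    microphone entitlements, with or without the library-validation exclusion.
    Synthetic test input only, not Zoom's real entitlements."""
    ents = {
        "com.apple.security.device.camera": True,
        "com.apple.security.device.audio-input": True,
    }
    if disable_library_validation:
        ents["com.apple.security.cs.disable-library-validation"] = True
    body = plistlib.dumps(ents)
    return struct.pack(">II", ENTITLEMENT_BLOB_MAGIC, 8 + len(body)) + body


if __name__ == "__main__":
    for label, sample in (("excluded", build_sample(True)), ("hardened", build_sample(False))):
        print(label, "->", risky_entitlements(sample) or "no risky entitlements")
```

Pair this with `codesign -dvvv` on the same bundle and confirm the `runtime` flag is present: library validation is only enforced when the hardened runtime is enabled, so an app without that flag is exposed regardless of its entitlements, and an app with the flag but with the exclusion above is in the position Wardle describes.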
If you’re tech-literate enough to understand Wardle’s step-by-step guide through the process, you can access the blog here.
Zoom has yet to comment publicly on the flaws or announce a date for patching them.