A new flaw discovered in the latest version of “Zoom” allows hackers to take over webcam and microphone and record users’ audio conversations. Hackers can then use the captured audio as they see fit. The vulnerability allows hackers to inject malicious code into video calls, enabling them to view or alter users’ webcam and microphone settings.
What is the issue?
The problem lies in how the Zoom software handles viewing and interacting with the webcam and microphone. When users turn on the webcam, the computer does not actually play the video directly off the internal video card. Instead, the computer tracks an external source of light and projects it onto the camera. An attacker could trick a user into thinking that the camera is turned on by turning on the light around the webcam, when in fact the user is actually seeing the reflected image of the webcam at their computer screen. In other words, the computer is “blind.”
How to prevent?
The way to prevent this from happening is to always turn on the webcam by itself without using the external source of light. Hackers could then trick the user into thinking that the camera is turned on and then transmit the entire conversation that is taking place over the webcam to another computer. Once the user is tricked into thinking that the webcam is turned on, the hacker could record the conversation and the information relayed by the user. In some cases, the hackers may even be able to insert malicious code into the captured video or audio to reveal passwords, credit card numbers, and other personal data. Additionally, the vulnerability affects all versions of Skype and will only be fixed once for all users of the software are updated. So users should immediately download the latest version of the software and apply the update immediately if they own a version of the software older than the current version.