Zoom video conferencing setting can lead to exploited video cam


This week's security research publicized an issue with the default behavior of Zoom video conferencing software. The software is configured to allow people to auto-join sessions with an active camera. Because of the way Zoom functions, someone could potentially trigger the camera even when the software isn't running and, it seems, even if Zoom has been uninstalled.

Wired:

The vulnerability stems from a conscious choice on Zoom's part. To reduce friction from the video chat experience, Zoom sets up a local web server on every user’s Mac that allows call URLs to automatically launch the desktop app. Zoom says that this setup is in place as a "workaround" to a feature of Safari 12 that would require users to approve Zoom launching every time they click a call link. And though the workaround is there to deal with a Safari feature, the same setup applies no matter which browser you launch a Zoom link from. Zoom doesn't offer quite such a frictionless experience on Windows, but there's a box you can check to permanently dismiss the prompts and start video automatically, which would put you in a similar situation.

If you use Zoom, the best approach seems to be to set the software to block auto-joining with video.