‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls
Most hacks require the victim to click on the wrong link or open the wrong attachment. But as so-called zero-click vulnerabilities—in which the target does nothing at all—are exploited more and more, Natalie Silvanovich of Google's Project Zero bug-hunting team has worked to find new examples and get them fixed before attackers can use them. Though fixed now, the two vulnerabilities could have been exploited without any user involvement to take over a victim's device or even compromise a Zoom server that processes many users' communications in addition to those of the original victim. “But I wouldn’t be surprised if this is something that attackers are trying to do.” Silvanovich has found zero-click vulnerabilities and other flaws in a number of communication platforms, including Facebook Messenger, Signal, Apple's FaceTime, Google Duo, and Apple's iMessage. She says she had never given much thought to evaluating Zoom because the company has added so many pop-up notifications and other protections over the years to ensure users aren't unintentionally joining calls.