Zoom Call: The Threat Behind Your Blank Computer Screen

A year ago, Zoom was considered a leading light in video conferencing software and now, it’s a pariah. How did it go so wrong so quickly? Basically, because the developers of the Zoom software wanted to save you the trouble of clicking a button. Undoubtedly, in light of the recent hijack, it’s not only the developers that are regretting that decision.

A lot of us find meetings dull at the best of times, but being dropped into one unknowingly is even more unpleasant. If you’re not looking at your screen and your audio is muted, you could be there picking your nose in front of a whole conference of people! Worse still, someone else could be using your webcam to check out your office equipment or snoop around your home.

How did this security flaw develop, and what can you do to prevent such vulnerabilities in the future?

Zoom for Mac Leaves Users Flawed

The vulnerability in the Zoom for Mac software meant that any website could force a Zoom user to join a call and activate their webcam without any permission from the user.

To give Mac users the most streamlined experience possible, Zoom decided to make joining meetings particularly simple. So simple in fact that all you needed to do was to click on the URL where the meeting was taking place. This would not only allow you to join the meeting, but would automatically launch the desktop app at the same time.

If it wasn’t bad enough that a remote unauthorized user could activate the software on your device and without your permission, the default settings on Zoom meant that the video would also be automatically activated, letting any website you visited access your webcam.

The biggest issue with Zoom for Mac is that it installs its own web server onto each user’s device along with the software. While this enhanced its own software’s performance, it also exposed millions of users to potential webcam hijacking and other unauthorized access by providing what some are calling “a poorly-architected technical solution, which essentially bypasses user browser safeguards in the interests of user experience”. That same web server can also reinstall Zoom software after it’s been removed by the user.

These issues are further exacerbated by the fact that the webserver is tricky to locate, and therefore difficult to delete. Even the spokesperson from Zoom admitted, “we do not currently have an easy way to help a user delete both the Zoom client and also the Zoom local web server app on Mac that launches our client”.

Cybersecurity researcher, JJ Leischuh, discovered Zoom for Mac’s security vulnerabilities back in March, saying “having an installed app running a web server on my local machine with a totally undocumented API feels incredibly sketchy to me. Secondly, the fact that any website that I visit can interact with this webserver running on my machine is a huge red flag for me as a security researcher”.

Thankfully, the Zoom app for Windows was configured slightly differently, perhaps because Windows is more frequently targeted and therefore, more vulnerable to cyber threats, hijacking, and malware, but users could still adjust their settings, allowing the app to dismiss prompts and start videos automatically, creating a similarly vulnerable situation.

Can an Antivirus Prevent Webcam Hijacking?

Any video conferencing software inevitably needs permission to access your webcam. The best antivirus software will generally block that access unless the user gives their permission directly. The problem is, there’s not much point in having video conferencing software if you don’t give it access to your webcam, but as soon as you give that permission, you immediately expose yourself to certain vulnerabilities.

Mac operating systems do have some in-built cybersecurity features, including a Malware Removal Tool, which is used to delete malicious software but which Apple has also utilized “to disable non-malicious but vulnerable software, [as] in the case of the recent Zoom vulnerability”.  It seems; however, these are not far-reaching enough to have protected Zoom for Mac users in the first place.

There is some antivirus software out there, though, that’s a little more powerful and one AVG user posted on the community forum several years ago saying that “I was on my group business meeting & AVG closed it down saying it was a virus threat… I have been using zoom.us for meetings for over a month…”. Maybe AVG was onto something back in 2016 that Zoom and cybersecurity experts only picked up on a couple of months ago?

Certainly, the best antivirus software does include webcam protection and can help defend your device against potential hijacking, but there are other precautions you can take as well.

How to Protect Yourself Against Webcam Vulnerabilities

Every aspect of cybersecurity needs a little injection of common sense, and webcam use is no exception. It makes sense that every outlet you have activated on your device, be it a Bluetooth connection or a webcam, is a two-way system. Think of it like opening a door – you can’t get access to the outside without doing so but you also can’t prevent the outside world from coming in as long as its open.

This is why one of the most fundamental steps in preventing the threat behind your blank computer screen is closing all those doors when you’re not using them. Years ago, it was revealed that Mark Zuckerberg puts masking tape over his webcam when he’s not using it to prevent potential webcam spies.

It may not be the most sophisticated piece of cybersecurity, but it works! It works so well that now the marketplace is swamped with custom-made webcam stickers and the latest laptops are appearing with in-built webcam guards.

A slightly more impressive piece of software that can help boost your webcam protection is a password manager. With so many accounts and logins, many of us find it virtually impossible to maintain strong and recent passwords for every service we use, which is why the best password managers are invaluable.

A strong password changed every six months can make all the difference, as can avoiding suspicious links. Clicking on a link you received from an unknown email address can expose you to all sorts of malware, including remote administration tools that can take control of your device and webcam, just like aliens take control of their hosts’ bodies in sci-fi movies.

Constant vigilance is also key, which is why the best antivirus software is so crucial. Not only can antivirus programs flag vulnerabilities, but they can also scan your device regularly to check for suspicious behavior and potential malware infections.

Best Antivirus Software for Webcam Protection

#1 McAfee

For a long time, Mac users believed themselves impervious to the kinds of malware infections and cyberthreats PC users had to put up with. Over the past couple of years, however, that resilience has been chipped away and the myth of a virus-free Mac has been summarily debunked.

McAfee is one of the oldest antivirus companies around, and as such, offers good all-round protection, including identity theft and ransomware protection, a password manager, and a firewall. Parental controls are available with its premium plans but not even these will give users much in the way of preventing webcam hijacking.

On the plus side, McAfee’s firewall offers robust protection against most external threats, and will, in its default settings, block any remotely initiated connections, including ones attempting to access your webcam.

Although preventing the Zoom security vulnerabilities is tricky, McAfee is renowned for its effective malware detection and removal capabilities, so even if you can’t prevent the infection in the first place, McAfee will soon have it quarantined. You don’t even need a full McAfee subscription either, as its Rootkit Removal tool is available free of charge.

McAfee’s products use some of the latest AI technology to keep cyber threats at bay, and, while its Windows app isn’t the easiest to download, its Mac protection is far more straightforward and comparatively user-friendly. McAfee still has a way to go, but nonetheless offers some of the best antivirus protection around. Sign up with McAfee today or find out what our experts made of it in our full review.

Conclusion

While there’s little you can do to make a Zoom call safe and confidential, using antivirus software and a bit of common sense can give you a lot more protection against potential webcam hacking and other remote access threats than many vulnerable Zoom for Mac users had.

As Zoom continues to roll out half-hearted patches to address its security flaws, so the importance of individual users taking care of their own security becomes increasingly obvious. Fortunately, some antivirus software developers have been around since before the likes of Zoom were even a glimmer in its creators’ digital eyes.

By all means, stick a colorful sticker over your webcam, but don’t let that be the end of your safe practices. Get one of the best antivirus apps for Mac, and give you and your device a chance in the turbulent and crime-ridden waters of cyberspace.