Earlier this month, the popular video conferencing application for macOS devices, Zoom, was found to have a severe flaw that would allow an attacker to spy on a user’s webcam at their leisure. The same vulnerabilities were found on two rebranded versions named RingCentral, which is used by over 350,000 businesses, and Zhumu, the Chinese version also affecting users on macOS. The flaw stems from a hidden local web server that is downloaded with the application. Even if the app is removed, the hidden web server remains on the user’s system. Mac has addressed the issue by disabling the original Zoom app but has not disabled the other versions. The original proof of concept (POC) video shows how an attacker could turn on the victim’s webcam and microphone remotely. This flaw was later escalated to allow remote code execution attacks by another researcher. RingCentral has released an updated version that patches the vulnerability by removing the webserver. However, the Chinese version, Zhumu, has yet to release an update. The software updates are not capable of helping customers who have removed the programs from their system.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is