A recent zero-day vulnerability seen in Zoom’s software continues to plague its partners like RingCentral Meeting.
Last week, software engineer Jonathan Leitschuh uncovered a significant security flaw in the Mac client for Zoom. The implementation isn’t secure because an attacker could craft a link that automatically joins users to a call and turns their video camera on without them noticing. Users would only realize that their camera is on when they see the LED indicator light, which cannot be disabled.
The bigger problem is that the flaw persists even after the software has been uninstalled from the Mac. This is possible because the software’s designers deliberately installed a hidden web server on the Mac that automatically reinstalls Zoom’s client when such a link is clicked.
Following the discovery of the vulnerability in Zoom’s video calling software, the company promised to implement stricter security mechanisms to improve its system.
“To be clear, Zoom honors the user’s video settings,” they said in a press release regarding the vulnerability. “Video is central to the Zoom experience. Our video-first platform is a key benefit to our users around the world, and our customers have told us that they choose Zoom for our frictionless video communications experience,” they added.
And about what they did once they discovered the zero-day, they said: “Once the issue was brought to our Security team’s attention, we responded within ten minutes, gathering additional details, and proceeded to perform a risk assessment. Our determination was that both the DOS issue and meeting join with a camera on concern were both low risk because, in the case of DOS, no user information was at risk, and in the case of meeting join, users can choose their camera settings.”
While Apple has already patched the problem and Zoom has already made sure that their software can be totally uninstalled and deleted from a device, Karan Lyons published evidence of yet more video conferencing apps that could be maliciously opened with their cameras turned on due to a security flaw.
This means that even though Zoom was able to fix the problem in its own client, the patch did not cover other software that Zoom powers, and that includes RingCentral.
According to the security researcher, if you are a RingCentral user, you should update your app as soon as possible, since the newest update includes the fix. If you are a former user, you will need to do a little more work to check your computer.
Just like Zoom, RingCentral silently installed code on your computer that listens for remote calls, and that component is not removed by a normal app uninstall. Similar to its intervention in the Zoom case, Apple also quietly released an update to remedy the problem caused by RingCentral.
Apple’s intervention was definitely necessary in this case: without it, users wouldn’t receive the update that ultimately removes Zoom’s and RingCentral’s leftovers from an affected device.
Furthermore, Lyons said that, given the unpatched vulnerability found in RingCentral and Zhumu, it is likely that other services white-labeled from Zoom have similar problems.
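The hidden web server described above (for Zoom) and the RingCentral component in the previous paragraph share one trait a defender can look for: a process that survives uninstall and listens on localhost from a dot-directory inside the user’s home folder. The script below is an added illustration of that check and is not code from the article, Zoom, RingCentral, or Apple. It parses the machine-readable output of `lsof -nP -iTCP -sTCP:LISTEN -F pcn` and a PID-to-executable map (on macOS, `ps -axo pid=,comm=` reports the full executable path; on Linux it reports only the basename, so the live check is macOS-oriented). The PIDs, ports, command names and the `.examplehelper` path in the sample data are constructed placeholders, not the real ports or paths used by either product.

```python
#!/usr/bin/env python3
"""Flag localhost TCP listeners whose executable lives in a hidden folder under $HOME.

Added example: all sample PIDs, ports and paths below are CONSTRUCTED, not the
values used by Zoom or RingCentral.
"""
import os
import subprocess
from typing import Dict, List, Tuple

# Addresses that mean "reachable from the local browser", which is how a
# crafted link can hand a command to a resident helper.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "*"}


def parse_lsof_fields(text: str) -> List[Tuple[int, str, str]]:
    """Parse `lsof -F pcn` output into (pid, command, address) triples.

    Each process block starts with 'p<pid>' and 'c<command>'; each socket
    contributes an 'n<addr>:<port>' line. Other field tags (e.g. 'f') are ignored.
    """
    sockets: List[Tuple[int, str, str]] = []
    pid, cmd = None, ""
    for line in text.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "p":
            pid, cmd = int(value), ""
        elif tag == "c":
            cmd = value
        elif tag == "n" and pid is not None:
            sockets.append((pid, cmd, value))
    return sockets


def split_addr(name: str) -> Tuple[str, int]:
    """'127.0.0.1:19999' -> ('127.0.0.1', 19999); '[::1]:8080' -> ('::1', 8080)."""
    host, _, port = name.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else 0


def is_hidden_home_path(path: str, home: str) -> bool:
    """True when the executable sits inside a dot-directory directly under home."""
    home = home.rstrip("/") + "/"
    if not path.startswith(home):
        return False
    first_component = path[len(home):].split("/", 1)[0]
    return first_component.startswith(".")


def flag_hidden_listeners(lsof_text: str, exe_by_pid: Dict[int, str], home: str) -> List[dict]:
    """Return listeners bound to loopback whose executable is in a hidden home dir."""
    findings = []
    for pid, cmd, name in parse_lsof_fields(lsof_text):
        host, port = split_addr(name)
        exe = exe_by_pid.get(pid, "")
        if host in LOOPBACK and is_hidden_home_path(exe, home):
            findings.append({"pid": pid, "command": cmd, "port": port, "exe": exe})
    return findings


def collect_live(home: str = os.path.expanduser("~")) -> List[dict]:
    """Run the check on this machine (assumes lsof and BSD-style ps, as on macOS)."""
    lsof_out = subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN", "-F", "pcn"],
                              capture_output=True, text=True).stdout
    ps_out = subprocess.run(["ps", "-axo", "pid=,comm="],
                            capture_output=True, text=True).stdout
    exe_by_pid: Dict[int, str] = {}
    for line in ps_out.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            exe_by_pid[int(parts[0])] = parts[1]
    return flag_hidden_listeners(lsof_out, exe_by_pid, home)


# Constructed sample: one suspicious helper plus a benign dev server.
SAMPLE_LSOF = """p4242
chelperd
f7
n127.0.0.1:19999
p5151
cnode
f3
n*:3000
"""
SAMPLE_PS = {4242: "/Users/alice/.examplehelper/helperd", 5151: "/usr/local/bin/node"}

if __name__ == "__main__":
    for hit in flag_hidden_listeners(SAMPLE_LSOF, SAMPLE_PS, "/Users/alice"):
        print(f"pid {hit['pid']} ({hit['command']}) on port {hit['port']}: {hit['exe']}")
```

Run it on the sample data and only the helper from the dot-directory is reported; `node` is ignored because it lives outside the home folder. `collect_live()` applies the same logic to a real macOS session, and any hit is worth comparing against the applications you believe are still installed.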
When asked for comment, a RingCentral spokesperson said that the company has “taken immediate steps to mitigate these vulnerabilities for any customers who could be affected,” but that to the company’s knowledge the security flaw hasn’t been exploited in the wild.
Nonetheless, tech experts still believe that the mere fact that such a vulnerability exists makes Zoom “irresponsible.”
“Zoom’s efforts to circumvent Safari’s native security are completely irresponsible. The Web server ‘feature’ merely adds a small amount of convenience at a massive security cost. This is a flagrant and deliberate security and privacy violation that raises serious concerns over Zoom’s internal security prioritization and threat modeling,” TidBITS Security Editor Rich Mogull said.