What is this Zoom Video Conferencing App?
Zoom is a popular cloud-based meeting platform that provides video, audio, and screen sharing options to users, allowing them to host webinars, teach online courses, conduct online training, or join virtual meetings online.
Are you using the Zoom Video Conferencing app?
If yes, then be wary of two big security issues for Mac users. Any website you’re visiting in your web browser can turn your device camera without your permission. Uninstalling the app doesn’t actually remove it from your system; rather, while installing Zoom, you’ve actually installed a persistent web server on your system that can be used to reinstall the app without your permission.
Is this really a PROBLEM?
Yes, it is a BIG problem, because an attacker can then send you an invite link to a meeting—embedded in a website, or even an email—which launches Zoom (even if you “removed” it). This joins you into a conference call and, by default, your webcam is on, which could create some awkward moments depending on what you’re up to.
But don’t worry, there are two primary fixes for this problem, which security researcher Jonathan Leitschuh outlined in his recent public disclosure of Zoom’s vulnerabilities. At a minimum, you’ll want to go into Zoom’s video settings and enable this setting: “Turn off my video when joining a meeting.”
You can also enable this setting via the Mac Terminal, if you want to get fancy. Run one of two commands:
Turn off your webcam by default for just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
Turn off your webcam by default for all users on your Mac
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1
The bigger solution, if you ask me, is to uninstall Zoom completely—which means removing that persistent web server it has dropped on your system. To do so, you’ll need to open up your Mac’s Terminal and run two commands:
First, run this to get the web server’s Process ID, or PID:
lsof -i :19421
Next, run this command and input the PID where the bracketed text is:
kill -9 [process number]
You’ll then want to go find the
~/.zoomus directory on your Mac and delete it entirely.
Finally, to make sure this server doesn’t get reinstalled on your system for any reason, run these two commands in Terminal:
rm -rf ~/.zoomus
And, of course, delete the Zoom application as you would any app you want to uninstall.
Going forward: Use browser-based apps for web meetings
Most major web meeting services—Zoom, Lifesize, WebEx, etc — allow you to join meetings via your browser. While you’re welcome to install an application on your computer, there’s not much of a reason to ignore the cleaner browser-based approach. You won’t be installing an app on your system you might not need (or, in Zoom’s case, one that comes with a bunch of security hangups.) In most situations, you’ll still be able to do everything in the meeting that you’d be able to do otherwise
If you absolutely must have something that isn’t a browser-based experience, consider installing a web meeting service’s app on your iPhone or Android device. While that means that you’ll have to find a place to prop up your phone or your tablet when you dial in, at least you won’t be installing some problematic software on your primary PC.
Don’t forget to check affordable e-courses and products HERE.