


The secret localhost web server interacts with every website a Zoom user visits. Zoom developed this technique to bypass a security feature in Safari 12, which required users to affirmatively choose to join a Zoom meeting. The localhost web server allows users to join Zoom meetings without manually launching the Zoom client, but also allows others to join users to Zoom meetings without their knowledge or consent. When a Mac user installs the Zoom client, Zoom installs a localhost web server on the device without the user’s knowledge.

Background Zoom Security Vulnerabilities

EPIC stated that Zoom is one of the largest service providers in the video conferencing industry and is used by over 30,000 companies and over 40 million people worldwide. However, the FTC failed to act on EPIC’s 2019 complaint against Zoom. As a result, Zoom exposed users to the risk of remote surveillance, unwanted video calls, and denial-of-service attacks.

EPIC has brought many similar consumer privacy complaints to the FTC, including the complaint that led to the FTC consent order against Facebook and the complaint that led to the FTC consent order against Google, which later produced a $22.5 million fine. According to EPIC, Zoom intentionally designed its web conferencing service to bypass browser security settings and remotely enable a user’s web camera without the knowledge or consent of the user. In July 2019, EPIC filed a complaint with the FTC alleging that Zoom had committed “unfair and deceptive practices” in violation of the FTC Act. Concerning Zoom’s ability to bypass browser security settings and remotely enable a user’s web camera without the knowledge or consent of the user.
