[technology taskforce] Test your browser config if it launches Zoom automatically with camera and mic enabled

Dev Anand Teelucksingh devtee at gmail.com
Thu Jul 11 18:52:26 UTC 2019


The info has been posted to
https://icannatlarge.blog/2019/07/11/ensuring-that-zoom-doesnt-automatically-open-zoom-meeting-links/
as well as on the wiki at
https://community.icann.org/display/atlarge/Zoom+conferencing+solution

Dev Anand

On Thu, Jul 11, 2019 at 12:44 PM DANIEL NANGHAKA <dndannang at gmail.com>
wrote:

> Thank you Dev for sharing this constructive information.
>
> On Thursday, July 11, 2019, Dev Anand Teelucksingh <devtee at gmail.com>
> wrote:
>
>> The security researcher Jonathan Leitschuh who publicly disclosed the
>> Zoom security vulnerability has noted that depending on your browser
>> setting on whether to always open Zoom links with the associated app is on,
>> a malicious webpage (that could be hidden in an iframe) can
>> automatically launch Zoom with your camera enabled without asking. This is
>> true for Windows as well as for Mac for Firefox and Chrome browsers.
>>
>> As he noted in his tweet at
>> https://twitter.com/JLLeitschuh/status/1149123386855104516
>>
>> Here is a Proof of Concept Link to see whether Zoom will autolaunch with
>> your camera and mic enabled :
>> https://jlleitschuh.org/zoom_vulnerability_poc/zoompwn_iframe.html
>>
>> If your browser settings are set to always open these types of Zoom links with
>> the associated app, you *will* be automatically launched into a Zoom
>> conference with your camera enabled.
>>
>> How to prevent Zoom from auto-opening Zoom links on a webpage :
>>
>> In Mozilla Firefox,
>>
>> 1) Click the menu button [image: Fx57Menu] and choose Options.
>> 2) In the General panel, go to the *Applications* section.
>> 3) Search for the Content Type *zoommtg* and select it.
>> 4) Click on the Action column in the *zoommtg* row to change the action
>> to "*always ask*"
>> [image: firefox-turning-off-automatic-open-zoom.png]
>>
>> In Google Chrome:
>>
>>
>> This is harder for Google Chrome which saves such settings in a
>> preferences file which isn't accessible from the browser.
>>
>> From https://support.google.com/chrome/answer/114662
>>
>> "Chrome allows external applications and web services to open certain
>> links. For example, certain links can open a site like Gmail or a program
>> like iTunes. If you set a default action for a type of link but want to
>> delete it, clear your browsing data
>> (https://support.google.com/chrome/answer/2392709) and select "Cookies
>> and other site data."
>>
>> Here's the more "hacky" way:
>> 1) Navigate to chrome://version/ and find the path listed under "Profile
>> Path".
>> 2) Quit Chrome, open that directory, and then open the "Preferences"
>> file. This will appear to be a long line of text in a text editor.
>> 3) Look for the string "zoommtg":false or "zoomrc":false. If either
>> exists, remove it. If there is a comma immediately after either string,
>> remove it as well.
>> 4) Save the file.
>>
>> Visit Jonathan Leitschuh's Proof of Concept page at
>> https://jlleitschuh.org/zoom_vulnerability_poc/zoompwn_iframe.html to
>> see if your browser asks to open Zoom.
>>
>> This is what you will see in Mozilla Firefox :
>> [image: firefox-ask-to-launch-zoom.png]
>>
>> and this is what you will see in Google Chrome:
>>
>> [image: chrome-ask-to-launch-zoom.png]
>>
>>
>>
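
The Chrome steps quoted above can be done with a JSON parser instead of hand-editing one long line, which avoids leaving a stray comma behind. This is an added example, not part of the original message: the sample data and function names are constructed, and it matches the two keys wherever they appear rather than assuming a fixed location in the file.

```python
import json
import shutil
import sys

SCHEMES = ("zoommtg", "zoomrc")  # the two URL schemes named in the message

# Constructed sample shaped like a Chrome "Preferences" file. The enclosing
# key names are an assumption; the scan below does not depend on them.
SAMPLE = ('{"browser":{"show_home_button":true},"protocol_handler":'
          '{"excluded_schemes":{"mailto":false,"zoommtg":false,"zoomrc":false}}}')


def scan(node, path="", remove=False):
    """Return dotted paths of scheme keys set to false; optionally delete them."""
    hits = []
    if isinstance(node, dict):
        for key in list(node):
            here = f"{path}.{key}" if path else key
            if key in SCHEMES and node[key] is False:
                hits.append(here)
                if remove:
                    del node[key]
            else:
                hits.extend(scan(node[key], here, remove))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(scan(item, f"{path}[{i}]", remove))
    return hits


def clean_file(pref_path):
    """Back up the file, drop the entries, and rewrite it as valid JSON."""
    with open(pref_path, encoding="utf-8") as fh:
        prefs = json.load(fh)
    hits = scan(prefs, remove=True)
    if hits:
        shutil.copy2(pref_path, pref_path + ".bak")
        with open(pref_path, "w", encoding="utf-8") as fh:
            json.dump(prefs, fh, separators=(",", ":"))
    return hits


if __name__ == "__main__":
    # Quit Chrome first, then pass the "Preferences" file under the Profile Path.
    if len(sys.argv) > 1:
        hits = clean_file(sys.argv[1])
    else:
        hits = scan(json.loads(SAMPLE))
    print("auto-launch entries:", hits or "none")
```

Run with no argument it only reports on the embedded sample; given a path it writes a `.bak` copy beside the file before changing it.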