Zoom, a popular video conferencing app, is in hot water today. The Mac version runs a secret web server in the background, even after uninstalling it!, which can be used to reinstall Zoom and even turn on your video camera.
If you’re wondering if this applies to you (you might not be sure someone already installed Zoom on your Mac and then uninstalled it), here’s how to check.
To see if the main Zoom app is currently installed, open the Finder app, select Applications, and search for “zoom.us” in the list. If you have this app installed, you almost certainly have the web server running.
But, even if you don’t have the app here, the web server will still run in the background if you’ve already installed and then uninstalled Zoom.
To check if the server is running, open a Terminal window. To do this, press Command + Space to open Spotlight search, type “Terminal” and press Enter. You can also head to Finder > Applications > Utilities > Terminal.
To find out if the web server is running, type the following command and press Enter:
lsof -i :19421
If you see a “ZoomOpene” process running, the web server is running in the background. If you don’t, it’s not.
If you see Zoom’s web server running and want to completely remove Zoom from your system, run the following commands.
These assume you’ve uninstalled the Zoom app from your Applications folder first. If not, a Zoom update will likely reactivate the web server.
pkill ZoomOpener rm -rf ~/.zoomus
If you want to keep Zoom installed, Lifehacker’s quick guide says you need to enable the “Mute my video when joining a meeting” option for security reasons. Jonathan Leitschuh’s original disclosure provides more information on the issue.
Browser-based video conferencing apps may be a better solution in the future. If you’re just using an app in a browser with no software installed, it can’t do shady things like this on your Mac or PC.
Pro Tip: Simply uninstall all meeting apps from your computer. Use the browser version of the meeting client. They are working fine now. Apps run stuff in the background and I won’t even get into the stupid stuff where they waste CPU time when you never even use them 99.9% of the time.
—SwiftOnSecurity (@SwiftOnSecurity) July 9, 2019