Jitsi privacy flaw enables one-click stealth audio and video capture
9 months ago
- #security
- #privacy
- #Jitsi
- Jitsi has a privacy flaw allowing attackers to capture audio and video without user consent.
- Attackers can exploit this by redirecting users to a Jitsi meeting link in the background.
- If users previously allowed mic/camera access, the attack runs silently without interaction.
- A trick using `window.open` can hide the attack by keeping the Jitsi window hidden.
- Jitsi claims this is a feature and has no plans to fix it, despite security risks.
- Disclosure timeline shows Jitsi dismissed concerns and failed to respond for over a month.