FTFuture Technology
SECURITY

The Zoom Hack That Lets You Block Recording Without Anyone Knowing

· 3 min read · By Nath Connell

Key takeaways

  • Exploit disrupts Zoom cloud and local recording by injecting packet-level interference into the stream, producing corrupted output
  • Technique works on current Zoom desktop client versions and is not detectable by hosts or other participants
  • Researchers followed responsible disclosure, notifying Zoom's security team before publishing details
  • Zoom has not issued a patch or public acknowledgement as of 18 July 2026

If you have ever sat in a Zoom call wishing you could stop someone recording it without making a scene, a newly surfaced technique might be the thing you did not know you needed. Security researchers have published details of a method that disrupts Zoom's cloud recording and local recording functions in a way that is largely invisible to other participants and, critically, to the host.

The technique, being referred to informally as a "recording block" exploit, takes advantage of how Zoom handles audio and video stream encoding during active sessions. By injecting specific packet-level interference into the local stream, the person deploying it can cause Zoom's recording function to capture corrupted or blank output, while the live call continues normally for all participants.

This is not a theoretical vulnerability. Researchers have demonstrated it working on current versions of the Zoom desktop client, and the implications are significant in multiple directions.

Who This Is For, and Who It Is Not For

The obvious first instinct is to frame this as a privacy protection tool, and there is a legitimate case to be made there. Recording consent laws vary enormously by jurisdiction. In the United States, some states require all-party consent before a conversation can be recorded. In many corporate environments, calls are routinely recorded for compliance or training purposes without explicit per-call notification beyond a generic policy buried in an employee handbook.

For journalists, lawyers, therapists, or anyone handling genuinely sensitive conversations, the ability to ensure a conversation is not being captured without consent has real value. The idea that a host can silently record a meeting you are attending, with no practical recourse, is a privacy concern that existing Zoom controls do not fully address. Hosts can enable recording notifications, but there is no mechanism for participants to prevent recording if the host chooses to proceed.

However, the same technique is obviously available to people with less benign intentions. A fraudster who does not want their scheme captured on record. An executive concealing conversations that should be documented for legal reasons. Anyone trying to avoid accountability for what they say.

This is the classic dual-use problem that plagues most security research, and it does not have a clean answer.

The future, in 3 minutes a day. The biggest tech story explained every morning, free. Get the briefing →

What Zoom Says

As of the time of writing, Zoom has not publicly acknowledged the vulnerability or issued a patch. The researchers who discovered the technique say they followed responsible disclosure processes, notifying Zoom's security team before going public. The standard responsible disclosure window is 90 days, after which researchers typically publish regardless of whether a fix is in place.

Zoom's recording notification system does currently alert participants when a recording starts, via an on-screen banner. But that notification does not prevent recording, and a host can dismiss or minimise participant visibility of it depending on their client configuration.

The Broader Privacy Problem

This exploit lands in a context where video call recording is increasingly normalised and the privacy implications are underexplored. AI transcription and summarisation tools are now baked into Zoom, Microsoft Teams, and Google Meet, meaning that recordings are often processed not just by the organisation hosting the call but by the AI services they use. Data retention policies for these services vary, and in many cases participants have no practical way to audit where their words end up.

The researchers behind this disclosure argue that pointing out vulnerabilities in recording systems is part of a necessary conversation about consent architecture in video conferencing. Their position is that platforms like Zoom have built robust tools for hosts and administrators, but participant-facing privacy controls remain weak.

That argument has merit. Video conferencing became essential infrastructure during the pandemic and has stayed that way. The consent and privacy frameworks around it have not kept pace with how central it now is to work, healthcare, legal proceedings, and education.

What You Should Do Right Now

If you are a regular Zoom user, the practical takeaways are fairly straightforward. Be aware that recording may be happening whether or not you have consented in any meaningful sense. Check your organisation's recording and data retention policies if you handle sensitive conversations. And if you are an administrator, this is a good moment to audit your notification and consent settings.

A patch from Zoom will presumably come. Until then, the most important thing is understanding that the privacy controls you assumed were in place may not be as solid as you thought.

Sources

Get the briefing, free

The biggest tech story, explained in 3 minutes every weekday. Choose your briefings →

Free. No spam. Unsubscribe in one click.