The vulnerabilities were discovered by researchers Daan Keuper and Thijs Alkemade of Computest Security, a
The user did not have to click anything for the attack to take over their computer. The bug is shown in action below.
We’re still confirming the details of the #Zoom exploit with Daan and Thijs, but here’s a better gif of the bug in action. #Pwn2Own #PopCalc pic.twitter.com/nIdTwik9aW
- Zero Day Initiative (@thezdi) April 7, 2021
According to Malwarebytes Labs, the attack has to come from an accepted external contact or from someone in the same organization account. It also affected Zoom Chat, the company's messaging platform, but did not affect in-session chat in Zoom meetings and Zoom video webinars.
Keuper and Alkemade won $200,000 for their discovery. This was the first time the Corporate Communications category was featured in the competition. Given the pandemic, it is no surprise that Zoom was a participant and sponsor of the event.
In announcing Keuper and Alkemade's win, Computest said the researchers were able to take almost complete control of the target systems, performing actions such as turning on the camera, turning on the microphone, reading email, checking the screen, and downloading browser history.
“Zoom made headlines last year due to various vulnerabilities. However, this mainly concerned the security of the application itself, as well as the ability to view and listen along with video calls. Our discoveries are even more serious. The vulnerabilities in the client allowed us to take over the entire system from the users,” Keuper said in a statement.