Skip to main content

Known Zoom security flaws are putting your devices at risk

Zoom security flaws allows hackers into your devices
(Image credit: Zoom)

At the recent Pwn2Own security conference, ethical hackers Daan Keuper and Thihs Alkemade from CompueTestSecurity exposed several Zero-day vulnerabilities within the Zoom desktop client. These vulnerabilities can allow hackers to execute random code on user's devices, causing mayhem. 

For their work, Daan and Thijs were awarded $200,000 by Zoom. They stated, " that while earlier Zoom vulnerabilities allowed attackers to infiltrate the calls, their exploit was a lot more serious as it allows attackers to take over the entire system." The ethical hackers chained together three different vulnerabilities in Zoom, creating an exploit. 

Far more frightening is that they could take over the remote systems running the Zoom client unbeknownst to the user. That means the user wasn't required to click links or open any attachments. Keuper and Alkemade then had nearly full control of a user's computer remotely, which they demonstrated by turning on webcam and microphone features, reading user emails, finally downloading the victim's browser history. 

Zoom, for their part, stated, "We take security very seriously and greatly appreciate the research from Computest. We are working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue. The attack must also originate from an accepted external contact or be a part of the target’s same organizational account. As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust. If you think you’ve found a security issue with Zoom products, please send a detailed report to our Vulnerability Disclosure Program in our Trust Center." 

Zoom wasn't the only vulnerable video conferencing client as another ethical hacker claimed $200,000 for exposing vulnerabilities in Microsoft Teams. The latterwas very grateful, thus the large sum of money they awarded the ethical hacker. 

With all this money being bandied about, it may be time to learn some hacking skills that I can use ethically to help pay for my kid's college tuition. 

Mark has spent 20 years headlining comedy shows around the country and made appearances on ABC, MTV, Comedy Central, Howard Stern, Food Network, and Sirius XM Radio. He has written about every topic imaginable, from dating, family, politics, social issues, and tech. He wrote his first tech articles for the now-defunct Dads On Tech 10 years ago, and his passion for combining humor and tech has grown under the tutelage of the Laptop Mag team. His penchant for tearing things down and rebuilding them did not make Mark popular at home, however, when he got his hands on the legendary Commodore 64, his passion for all things tech deepened. These days, when he is not filming, editing footage, tinkering with cameras and laptops, or on stage, he can be found at his desk snacking, writing about everything tech, new jokes, or scripts he dreams of filming.