Tag: Zoom | Page 5

Security Researchers Band Together To Expose Hidden Flaws In Zoom & Microsoft Teams / Digital Information World

April 10, 2021/in Computer Security

Vulnerabilities in the software makeup of popular video-conferencing apps Zoom and Microsoft Teams have been revealed by teams of hackers. For once, however, such an attack may not be as uninvited as usual considering all of these individuals were participating in a competition.

As part of the annual Pwn2Own competition, individuals proficient in coding and other computer security skills were put to the task of identifying potential weak points and design flaws in Zoom and Teams, as a prophylactic measure to prevent future mass hacking attacks from taking place. And what is Pwn2Own, one might venture to ask? Well, as can be surmised from the previous sentence, it’s a convention housing cybersecurity researchers and experts from across the globe, that mainly serves to address security concerns in popular applications by banding together and looking for them. Active since 2007, the Pwn2Own initiative started out in Vancouver as a response to the lack of initiative companies such as Apple were taking in beefing up their own security measures. From there on, the conference and competition has bloomed to involve a multinational audience, and has even been sponsored by the likes of Microsoft.

The sponsorships themselves are particularly of note due to the exorbitant amount of money participants win if they successfully expose weaknesses and deficits in the software presented. This year’s contestants were awarded a total sum of USD $40,000, even if it came at the expense of inciting minor paranoia in users of Zoom and Microsoft Teams. Then again, one must ponder, what were the weak links? What oversights did developers make in this process? Well, let’s get around to addressing them.

Without delving too much into technical jargon, Zoom’s safety boundaries were overcome via a third-party software developed by the participants themselves. Instead of relying on malware, however, all it took was a software appearing as a calculator to breach security. This bizarre act of ingenuity was achieved by two developers from the Netherlands-based cybersecurity firm Computest. Microsoft Teams also received sufficient attention, as multiple individuals (both independent workers and firm…

Source…

Zoom security flaws could let hackers take over your laptop

April 8, 2021/in Computer Security

Two ethical hackers have managed to exploit zero-day vulnerabilities in the Zoom Messenger desktop client to execute random code on a victim’s machine.

Daan Keuper and Thijs Alkemade from CompuTest Security demonstrated their exploit at the ongoing hacking contest Pwn2Own, and were awarded a bug bounty of $200,000 by the video conferencing service.

Commenting on the exploit, Keuper said that while earlier Zoom vulnerabilities allowed attackers to infiltrate the calls, their exploit was a lot more serious as it allows attackers to take over the entire system.

TechRadar needs you!

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Hijacking remote systems

The ethical hackers chained three vulnerabilities in the Zoom messenger to create their exploit.

Even more alarming is the fact that they were able to take over the remote system running the Zoom client without any involvement from the victim; the exploit didn’t require the victim to click any links or open any attachments.

Once successful, the duo had an almost complete control over the remote computer. They demonstrated several actions such as toggling the webcam and the microphone, gawking at the desktop, reading emails, and downloading their victim’s browser history.

Pwn2Own is a popular security conference where ethical hackers demonstrate zero-day vulnerabilities in popular devices and apps. Given the rise of remote collaboration tools, the conference organizers added the new Enterprise Communications category this year.

Elsewhere in the conference another ethical hacker hacked into Microsoft Teams, again by exploiting a combination of vulnerabilities to execute arbitrary code, and earned himself a $200,000 bug bounty from Microsoft.

Source…

How To Set A Zoom Background On iOS, Android & Windows

March 3, 2021/in Mobile Security

Zoom is a great communications tool for staying in touch with work colleagues and friends, so it is worth trying the virtual backgrounds out.

Zoom allows users to set a virtual background, offering the opportunity to personalize their video calls. Users can set a virtual background on iOS or Android, as well as on a Windows device. It’s not very complicated to set up a background on any of these devices, with only a few steps standing between Zoom users making a video call in the TARDIS from Doctor Who or with their favorite Pixar character.

For people working from home during the coronavirus pandemic, or those simply looking for social interaction, Zoom has proven to be an incredibly important communication tool and one that comes with a wide variety of virtual backgrounds to choose from. As popular as it is, Zoom is by no means a perfect solution, however. Privacy and security issues have been a problem in the past, including “Zoom-bombing” which is when someone that’s not invited to a Zoom call crashes in.

Related: Zoom: How To Enable Two-Factor Authentication & Secure Your Account

To set a Zoom…

Source…

Girl Exploits Zoom Safety Feature To Get Her Out Of School For Weeks

February 17, 2021/in Internet Security

Want to feel like the youth is so much smarter than you? Look no further than the story of a young girl who figured out a way to get out of having to attend virtual school through Zoom by exploiting a safety feature hack and leaving none the wiser — not her mom, teachers, or school administration — for literally weeks.

The story, reported by her uncle, of the elaborate Zoom heist that got her out of school for almost a week to Twitter was first one the little kid referred to as a “technical glitch.” But what it really was that the genius 8-year-old pulled off avoiding her online school for weeks before she was caught by exploiting a few small things on Zoom that stumped basically everyone in her life. It’s hilarious, mischievous, and she got away with it for a while.

Mike Piccolo, the girl’s uncle, is the chief technology officer of the web development company FullStack Labs. He shared a Twitter thread outlining the details of how his young niece was able to get out of attending virtual school. She used a safety feature on Zoom to her advantage, disguised as a software error, and got out of attending school meetings for weeks.

Seriously, genius.

The grifter: My 8 year old niece

The prize: Playing virtual hooky permanently (School Zoom calls)

The marks: My sister, my brother in law, the teacher, the school’s computer teacher, the principle and Zoom’s support team

The con: How she pulled it off… thread pic.twitter.com/cdz3SRhRu9

— Mike Piccolo (@mfpiccolo) February 13, 2021

“Day 1: (Zero Day) My sister has three kids, all are currently in Zoom classes. Mysteriously one day, my niece’s zoom stopped working,” Mike tweeted. “She went and told my sister who tried for over an hour to get her logged back in but could not. She figured it was a weird glitch.”

Day 2: The next day, sure as shit, the same thing happened. My niece was kicked off and couldn’t log back in. My sister emails the teacher and tells her she is having issues with zoom and she will try to figure it out.

— Mike Piccolo (@mfpiccolo) February 13, 2021

For days, her mother tried to fix the error, according to Mike. While trying to log in, Zoom kept saying that they had the…

Source…

Tag Archive for: Zoom