

Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom

This blog post discusses my experiments in testing and hacking Zoom. Zoom has become one of the most high-performing tech companies of 2020. Zoom is a digital video conferencing software that went public in an IPO last year [1], a few months before the global pandemic. Zoom grew rapidly over the past year, going from 10M active users in early 2019 to over 200M by mid-2020. The popularity of Zoom has made it a high-profile target for hackers, nefarious actors, and the security community. Organizations worldwide are using Zoom to enable remote work. The UK government even used Zoom for cabinet meetings [2]. Simply put, we can see Zoom in every part of our lives today.

This post shares my research and experiments in testing and hacking Zoom. My research focused on identifying security vulnerabilities in Zoom. The research revealed several severe security vulnerabilities that affect the Zoom production and development infrastructure, the Zoom Linux app, and Zoom's implementation of end-to-end encryption. My experience with Zoom's security and its VDP (vulnerability disclosure program) did not match what I had seen in the public media. I assume this is because Zoom focused on the security incidents that had generated the most negative public PR. This is also likely due to Zoom implementing a last-minute bug bounty program after its user base boomed during the global pandemic. The first finding that I identified in April 2020 has not been patched. The first time I received a conclusive response regarding the finding was on July 14, 2020, after 4 months of reporting the vulnerability and numerous follow-ups from my side. When I submitted my CFP to DEFCON 2020, I conducted another round of experiments on Zoom, where I identified new security vulnerabilities that affected different Zoom products.
