Both Microsoft Teams and Zoom have been exposed as vulnerable by benevolent hackers taking part in the annual Pwn2Own competition. The hacks, which won the contestants a joint $400,000 in a competition that’s now doled out more than $1 million in prizes, show it’s possible to target the hugely popular videoconferencing tools to take control of a users’ PC.
The Zoom attack was particularly noteworthy as it didn’t require the victim to click on anything and allowed the hackers to write their own software onto the target computer. If they were malevolent hackers, that could’ve been malware for snooping on a system, but they simply launched a calculator (a classic proof of a successful attack).
The exploit was the work of Daan Keuper and Thijs Alkemade from Computest, a Netherlands-based security testing company, who “used a three bug chain to exploit Zoom messenger and get code execution on the target system – all without the target clicking anything,” the ZDI Initiative, a Trend Micro organization that runs Pwn2Own, said in a blog post.
Read more: Forbes