Two Dutch hackers have discovered a leak in the video calling program Zoom that allows them to take over the computers of Zoom users. On Wednesday, they won the Pwn2Own hacking competition and a cash prize of 200,000 dollars (168,000 euros), the organization reports on Twitter.
The user does not have to click on anything to give the hacker access to the computer, as is the case with some phishing emails. That makes the leak extra dangerous.
Daan Keuper and Thijs Alkemade, both working for a cybersecurity company, say no RTL News that Zoom users need not worry, as only they and Zoom know how to exploit the vulnerability. According to the pair, Zoom is already working on a security update.
The men have spent two months exploiting the leak as best as possible, they say RTL News. “Most of the work is in expanding the vulnerability, so that you can actually take over a computer. And that this works every time, regardless of which computer,” says Keuper.