Vulnerabilities in the software makeup of popular video-conferencing apps Zoom and Microsoft Teams have been revealed by teams of hackers. For once, however, such an attack may not be as uninvited as usual considering all of these individuals were participating in a competition.
As part of the annual Pwn2Own competition, individuals proficient in coding and other computer security skills were put to the task of identifying potential weak points and design flaws in Zoom and Teams, as a prophylactic measure to prevent future mass hacking attacks from taking place. And what is Pwn2Own, one might venture to ask? Well, as can be surmised from the previous sentence, it’s a convention housing cybersecurity researchers and experts from across the globe, that mainly serves to address security concerns in popular applications by banding together and looking for them. Active since 2007, the Pwn2Own initiative started out in Vancouver as a response to the lack of initiative companies such as Apple were taking in beefing up their own security measures. From there on, the conference and competition has bloomed to involve a multinational audience, and has even been sponsored by the likes of Microsoft.
The sponsorships themselves are particularly of note due to the exorbitant amount of money participants win if they successfully expose weaknesses and deficits in the software presented. This year’s contestants were awarded a total sum of USD $40,000, even if it came at the expense of inciting minor paranoia in users of Zoom and Microsoft Teams. Then again, one must ponder, what were the weak links? What oversights did developers make in this process? Well, let’s get around to addressing them.
Without delving too much into technical jargon, Zoom’s safety boundaries were overcome via a third-party software developed by the participants themselves. Instead of relying on malware, however, all it took was a software appearing as a calculator to breach security. This bizarre act of ingenuity was achieved by two developers from the Netherlands-based cybersecurity firm Computest. Microsoft Teams also received sufficient attention, as multiple individuals (both independent workers and firm employees) found loopholes, presented as bugs or coding errors overlooked during development.
Naturally, steps have been taken to ensure that the exact intricacies of how these security breaches were accomplished are shielded from the general public. Microsoft itself has released a statement, explaining that while confidentiality would naturally surround cybersecurity discourse in the Pwn2Own conference, action against these exposed flaws in software development would be taken in order to ensure application safety moving onwards.
Read next: Hackers are baiting spear phishing attacks with LinkedIn information
As part of the annual Pwn2Own competition, individuals proficient in coding and other computer security skills were put to the task of identifying potential weak points and design flaws in Zoom and Teams, as a prophylactic measure to prevent future mass hacking attacks from taking place. And what is Pwn2Own, one might venture to ask? Well, as can be surmised from the previous sentence, it’s a convention housing cybersecurity researchers and experts from across the globe, that mainly serves to address security concerns in popular applications by banding together and looking for them. Active since 2007, the Pwn2Own initiative started out in Vancouver as a response to the lack of initiative companies such as Apple were taking in beefing up their own security measures. From there on, the conference and competition has bloomed to involve a multinational audience, and has even been sponsored by the likes of Microsoft.
The sponsorships themselves are particularly of note due to the exorbitant amount of money participants win if they successfully expose weaknesses and deficits in the software presented. This year’s contestants were awarded a total sum of USD $40,000, even if it came at the expense of inciting minor paranoia in users of Zoom and Microsoft Teams. Then again, one must ponder, what were the weak links? What oversights did developers make in this process? Well, let’s get around to addressing them.
Without delving too much into technical jargon, Zoom’s safety boundaries were overcome via a third-party software developed by the participants themselves. Instead of relying on malware, however, all it took was a software appearing as a calculator to breach security. This bizarre act of ingenuity was achieved by two developers from the Netherlands-based cybersecurity firm Computest. Microsoft Teams also received sufficient attention, as multiple individuals (both independent workers and firm employees) found loopholes, presented as bugs or coding errors overlooked during development.
Naturally, steps have been taken to ensure that the exact intricacies of how these security breaches were accomplished are shielded from the general public. Microsoft itself has released a statement, explaining that while confidentiality would naturally surround cybersecurity discourse in the Pwn2Own conference, action against these exposed flaws in software development would be taken in order to ensure application safety moving onwards.
Read next: Hackers are baiting spear phishing attacks with LinkedIn information