Cyber Security Webinar by Mr. Daan Keuper and Mr. Thijs Alkemade of Computest - Hacking the pandemic’s most popular software

Abstract

When the pandemic required everyone to work from home we saw a huge growth on the video conference market. It was this movement that made the organisation behind the world famous Pwn2Own competition decide to add an 'Enterprise Communication' category to last year’s competition. Everyone who was able to successfully demonstrate a zero-day attack chain against was rewarded with $200.000. We decided to take them up on this challenge, and started researching. This resulted in a working exploit against the then latest version of Zoom, that would give the attacker full control over your system. With this research we where able to win last year’s Pwn2Own competition. Now Zoom has fixed all vulnerabilities we found; we can share the details of our research.

Short bio of Daan Keuper:

Daan Keuper is the head of security research at Computest. This division is responsible for advanced security research on commonly used systems and environments.

Daan participated twice in the internationally known Pwn2Own competition. By demonstrating zero-day attacks against the iPhone and Zoom. In addition Daan did research on internet connected cars. In which they found several vulnerabilities in cars from the Volkswagen Group.

Short bio of Thijs Alkemade

Thijs Alkemade works at the security research division of at Computest. This division is responsible for advanced security research on commonly used systems and environments.

Thijs is a Pwn2Own winner by demonstrating a zero-day attack against Zoom. In previous research he demonstrated several attacks against the macOS and iOS operating systems. He has a background in both mathematics and computer science, which gives him a lot of experience with cryptography and programming language theory.