Helpful Hacking: Zoom Sponsors HackerOne’s H1-702 Event
Security professionals, just like all of us, get by with a little help from their friends from time to time. Our internal Zoom team relies on the hacking community to identify bugs and other issues before the bad guys do. This is a common practice in the industry.
To find the right people to help us, we have built an ongoing Zoom Bug Bounty program that enlists a talented pool of ethical hackers to bolster the security of the Zoom platform, and we actively participate in relevant hacking events. This year, we sponsored one day of HackerOne’s H1-702 conference in Las Vegas (August 4th). Zoom was one of two technology providers participating in these live sessions as part of the contest.
Bring on the (ethical) hacking
This in-person hacking event was organized by Zoom and another organization as part of their respective bug bounty programs. More than 100 security professionals (around 70 in-person and 40 virtual) from 29 countries hacked the Zoom web and desktop clients, Zoom APIs, Zoom Marketplace apps that can be downloaded from Zoom’s marketplace, and any of the binaries that Zoom distributes. The following individual awards were presented at the event:
- 1st Place: todayisnew
- 2nd Place: f6x
- Best Team Collaborator: todayisnew
- Exterminator: rijalrojan
- Vigilante (Most Valuable Hacker): try_to_hack
In keeping with this industry best practice, Zoom paid roughly $480,000 in bounties at the event, an indication of Zoom’s commitment to investing in security and of the importance of industry best practices.
Chatting with the community
I knew that H1-702 would be a great tool for us to connect with the broader hacking community in a number of ways. I moderated a session during the event’s HacktivityCon entitled “Submitting High-Quality Bug Bounty Reports – Tips From Behind the Curtain,” during which I explained exactly what we are looking for when reviewing vulnerability reports submitted to Zoom Bug Bounty in order to qualify for the program.
Strength in numbers
Because we know we’re better together, we hope to continue to make use of the Zoom Bug Bounty program, as well as events like H1-702, to improve the way we address vulnerabilities and to address them in a timely manner. To create a safer environment for our customers, we strive to proactively mitigate risk by collaborating with a diverse group of hackers through these initiatives.
FAQs
Can hackers hack through Zoom?
How do hackers find Zoom meetings?
- Zoom Bombing. Zoom bombing is a technique that hackers use to disrupt your video conference by sending rude or inappropriate images or movies.
- Phishing. Phishing is yet another strategy that hackers utilize.
- Screen sharing. Screen sharing is another method that hackers employ in their attacks.
- Malware.
- Spoofing.
How do I get unbanned from Zoom?
What is a Zoom hacker?
How do you kick a Zoom host?
- Launch the desktop client for Zoom and log in.
- You should get the meeting started and ask another member to join you.
- Begin a gathering in your role as the host.
- Click the End button located in the host controls.
- Click the Exit Meeting button.
- Choose someone to take over as the host, and then click the “Assign and Leave” button.