Helpful Hacking: Zoom Sponsors HackerOne’s H1-702 Event

Security professionals, like all of us, get by with a little help from their friends from time to time. Our internal Zoom team relies on the hacking community to help identify bugs and other issues before the bad guys do. This is a common practice in the industry.

To find the right people to help us, we have built an ongoing Zoom Bug Bounty program that enlists a talented pool of ethical hackers to bolster the security of the Zoom platform, and we actively participate in relevant hacking events. This year, our company sponsored one day of HackerOne’s H1-702 conference in Las Vegas (August 4th). Two technology providers participated in these live sessions as part of the contest, Zoom being one of them.

Bring on the (ethical) hacking 

This in-person hacking event was organized by Zoom and another organization as part of their respective bug bounty programs. The Zoom web and desktop clients, Zoom APIs, Zoom Marketplace apps (which can be downloaded from Zoom’s marketplace), and any of the binaries that Zoom distributes were all hacked by more than 100 security professionals (around 70 in-person and 40 virtual) from 29 countries. The following individual awards were presented at the event:

  • 1st Place: todayisnew

  • 2nd Place: f6x

  • Best Team Collaborator: todayisnew

  • Exterminator: rijalrojan

  • Vigilante (Most Valuable Hacker): try_to_hack

In keeping with this industry best practice, Zoom paid roughly $480,000 in bounties at the event, an indication of Zoom’s commitment to investing in security and of the importance of industry best practices.

Chatting with the community

I knew that H1-702 would be a great tool for us to connect with the broader hacking community in a number of ways. There was a session that I moderated during the event’s HacktivityCon entitled “Submitting High-Quality Bug Bounty Reports – Tips From Behind the Curtain,” during which I explained exactly what we are looking for when reviewing vulnerability reports submitted to Zoom Bug Bounty in order to qualify for the program.

Strength in numbers

Because we know we’re better together, we hope to continue to make use of the Zoom Bug Bounty program and events like H1-702 to improve the way we address vulnerabilities and to address them in a timely manner. In order to create a safer environment for our customers, we strive to proactively mitigate risk by collaborating with a diverse group of hackers through these initiatives.


FAQs

Can hackers hack through Zoom?

You can send a request to Zoom’s Trust & Safety team to report an account takeover if you believe someone has hacked into your Zoom account or if someone has made modifications to your account without your permission. If you have any questions or concerns, you can visit the Zoom Help Center. The Trust and Safety team at Zoom investigates each request, and when an account takeover is found to be legitimate, they act accordingly.

How do hackers find Zoom meetings?

Top 5 Tactics Used to Hack Video Conferences
  1. Zoom Bombing. Zoom bombing is a technique that hackers use to disrupt your video conference by sending rude or inappropriate images or movies.
  2. Phishing. Phishing is yet another strategy that hackers utilize.
  3. Screen sharing. Screen sharing is another method that hackers employ in their attacks.
  4. Malware.
  5. Spoofing.

 

How do I get unbanned from Zoom?

  1. Enter your login information into the Zoom online interface.
  2. To access the settings, select the appropriate option from the menu.
  3. To access the Meeting tab, click here.
  4. Check to see that the Allow removed participants to rejoin option is turned on in the In-Meeting (Basic) section.

What is a zoom hacker?

Zoom bombing, also known as Zoom raiding, is the unwelcome and disruptive entrance into a video-conference call that is typically carried out by internet trolls.

How do you kick a zoom host?

Windows | macOS
  1. Launch the desktop client for Zoom and log in.
  2. Get the meeting started and ask another member to join you.
  3. Begin a meeting in your role as the host.
  4. Click the End button located in the host controls.
  5. Click the Exit Meeting button.
  6. Choose someone to take over as the host, and then click the “Assign and Leave” button.