
MAJOR EXPLOIT – ANYONE Can Turn On Your Zoom Camera

In this video, we take a deep dive into a high-severity Zoom SQL injection vulnerability that allowed attackers to enable a victim's webcam and microphone without their permission. This vulnerability was exploited by taking advantage of dependencies between back-end systems and the SQLite database engine. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in character encoding schemes, especially when it comes to SQL, is critical.

0:00 – Overview
1:06 – Reverse Engineering
4:40 – SQLite
5:32 – Attack Vector
8:27 – Encoding (ASCII, Unicode, UTF-8)
11:45 – Exploit

Original report by Keegan Ryan
https://medium.com/@keegan.ryan/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d



by Daniel Boctor


33 thoughts on “MAJOR EXPLOIT – ANYONE Can Turn On Your Zoom Camera”

  • Joke's on you, I don't have a camera

  • Criminally underrated channel. Keep up the good work man you'll make it big

  • We tend not to ship debug symbols by default with open source programs either – they tend to be much larger than the compiled program itself.

  • Vulnerability? I'm willing to bet a lot of money you communist party of China forced zoom to add it.
    And can I just point out what wonderful spyware zoom is? Like something that it is normal to have. Permissions, same with file and email permissions.

  • That is why I put electrical tape over all cameras on laptops. That will never be hacked.

  • Once again dude, good job. It's rare to see such in-depth analysis here on YT

  • I have a self SQLi on an Android app for a bug bounty. I'm not sure how to make it viable. It is using SQLite too. Trying to find any other vuln to chain with it. Been sitting on it for a month

  • Wow! Very well explained, thank you!
    EDIT: my only complaint is the title. It makes it look like a recent exploit, which is clickbaity and not very nice. I don't think you need to resort to that. 🙂

  • How do you not have more than a million subscribers? What. You deserve more. Keep up the great work!

  • Damn that UTF-8 trick is clever.

  • 4:33 and if you want it be more of a hell for people who want to reverse engineer your stuff, you can tell the compiler to generate a stripped binary.
    On Linux you can do this using the "strip" command. You could use it like this "strip binary -o stripped_binary"
    or you can do it with the "-s" flag if you are using GCC.

  • Note: if you want to compile C/C++ using gcc and debug it using gdb, you can use -ggdb to generate debug symbols specifically for gdb.

  • Oh my goodness. This is such fantastic knowledge. You explain things phenomenally. Thanks so much.

  • I honestly thought I was watching from a big channel, you're so underrated, keep it going!

  • Find some verifiable sources to link on the next one

  • wow, that was a good explanation

  • Very interesting. I cannot get over the upward inflection on every sentence though

  • Seems very well explained. Still didn't finish the video, but so far so good. Keep it up

  • Great video! That explanation of unicode was perfect.

  • Such a great video. Glad I found you! Keep going and you shall succeed.
