In April 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-day attack against the video-conferencing application Zoom at the Pwn2Own hacking competition. This attack allowed them to take over a remote computer through Zoom, without any action by the victim. This resulted in a $200,000 prize. Afterwards, they shared the full details of these vulnerabilities with Zoom to give them the opportunity to fix them. During this talk, Thijs will describe the vulnerabilities, how they found them and how they developed the exploit to actually take over a computer. Finally, Thijs will also share some thoughts about what zero-day vulnerabilities in popular software mean for companies and what steps companies can take to protect against unknown vulnerabilities.
Speaker: Thijs Alkemade
Thijs Alkemade works at the security research division of Computest. This division is responsible for advanced security research on commonly used systems and environments. In recent research he demonstrated several attacks against the macOS and iOS operating systems. He has a background in both mathematics and computer science, which gives him a lot of experience with cryptography and programming language theory.