Dutch people Daan Keuper and Thijs Alkemade managed to gain access to computers of Zoom users via Zoom, the organization reports on Twitter.
The user does not have to click on anything to give the hacker access to the computer, as is the case with some phishing emails. That makes the leak extra dangerous.
Alkemade and Keuper, who work for a Dutch cybersecurity company, tell RTL Nieuws that Zoom users need not worry, because only they and Zoom know how to exploit the weakness. According to the pair, Zoom is already working on a security update.
The men have spent two months trying to exploit the leak as best as possible, they say to RTL. “Most of the work is in building the vulnerability so that you can actually take over a computer with it, and that it works every time – regardless of which computer,” says Keuper.