Zoom Is Safer Now, Thanks to Hackers
When hacking shows its good side.
It’s what you never want to hear: An important service, used by millions, has a critical vulnerability.
In this case, though, the story has a happy ending.
Often when you hear about vulnerabilities in software, it’s because they’ve already been exploited by hackers — specifically, black hat hackers, the term for hackers who act maliciously.
But there’s a whole other side to hacking. It’s called white hat hacking, and they’re the good guys.
If you want to protect yourself from black hat hackers, you need people who are just as capable of finding and exploiting bugs in your code. That’s what white hat hackers do — they try to break in, but not to take advantage of the vulnerability. They do it to help you identify and fix the problem before the black hat hackers figure it out.
Often, big companies will offer what are known as bug bounties, where they’ll pay a large sum of money to hackers who identify new vulnerabilities. And in the case of this new Zoom vulnerability, it was actually part of a competition to find bugs in popular software. The hackers who found it won $200,000 for their trouble.
We don’t yet know the exact details of the hack. As a courtesy, white hat hackers often give companies a certain amount of time to patch the vulnerability before they reveal how it’s done to the wider public. That way the knowledge is shared, but the company can still protect themselves.
We do know, though, that this hack involved exploiting three bugs in a certain order, which would allow the hackers to run whatever code they wanted on a user’s machine. So far, we know it works on both Windows and Mac computers, although no word on whether it can be used to hack into phones.
We should know more about how it works within a few months, once the discoverers release the details. But in the meantime, Zoom has thanked them for their work and is working on a patch.
If you use Zoom, your machine will soon be that much more protected. And all thanks to white hat hackers.