The Hacker who could turn on ANYONE'S Zoom Camera [Zero-Day]

75,998 views

Daniel Boctor

A day ago

In this video, we take a deep dive into a high-severity Zoom SQL injection vulnerability, which allowed attackers to enable a victim's webcam and microphone without their permission. This vulnerability was exploited by taking advantage of dependencies between back-end systems and the SQLite database engine. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in character encoding schemes, especially when it comes to SQL, is critical.
0:00 - Overview
1:06 - Reverse Engineering
4:40 - SQLite
5:32 - Attack Vector
8:27 - Encoding (ASCII, Unicode, UTF-8)
11:45 - Exploit
Original report by Keegan Ryan
/ patched-zoom-exploit-a...

Comments: 145
@DanielBoctor 6 months ago
JOIN THE COMMUNITY ➤ discord.gg/WYqqp7DXbm ♥ thank you for all of the support ♥
@eyephpmyadmin6988 6 months ago
"Can't read the source code" Ghidra has entered the chat
@DanielBoctor 6 months ago
yep, that's actually what the researcher used to locate the SQLite functions 🤯
@MaxCE 3 months ago
ghidra still can't tell you the function names
@king_james_official 2 months ago
that's not source code
@chriss3404 6 months ago
Classic SQL injection and a nice explanation to go with it! Text encoding was def not the first thing on my mind when thinking about possible escapes, and I guess it wasn't on the mind of the person that tried to manually sanitize SQL input either!
@mudi2000a 4 months ago
They just should use parameters. Then you don’t need to sanitize anything because you can’t inject anything. Not using parameters is a classic beginners mistake. Also I think this should be caught by static code analysis tools which maybe they should have used at Zoom.
@capability-snob 6 months ago
We tend not to ship debug symbols by default with open source programs either - they tend to be much larger than the compiled program itself.
@amaankhan8436 6 months ago
Criminally underrated channel. Keep up the good work man you'll make it big
@DanielBoctor 6 months ago
That's the dream 🚀 Thanks for the support
@0xgordo350 6 months ago
Great video! That explanation of unicode was perfect.
@DanielBoctor 6 months ago
Thanks for the support! Glad you liked it 😊
@BillAnt 4 months ago
@@DanielBoctor - Loved it with the great explanation. :)
@DanielBoctor 4 months ago
@@BillAnt Thank you!
@nournote 6 months ago
Very well explained. Lots of small things to learn, not only a story telling content. Just keep up. Subscribed.
@DanielBoctor 6 months ago
Thanks! Glad to have you aboard :)
@m4rt_ 6 months ago
4:33 and if you want it to be more of a hell for people who want to reverse engineer your stuff, you can tell the compiler to generate a stripped binary. On Linux you can do this using the "strip" command. You could use it like this "strip binary -o stripped_binary" or you can do it with the "-s" flag if you are using GCC.
@mudi2000a 4 months ago
Stripped binary is also much smaller and thus always a good thing.
@davikad-quirkies 2 months ago
yup I love using Linux
@gh0stm0nst3r6 6 months ago
Oh my goodness. This is such fantastic knowledge. You explain things phenomenally. Thanks so much.
@DanielBoctor 6 months ago
LOOOOOL I'm glad it was helpful! Glad to have you here! Thanks for the support ❤️
@junosoft 6 months ago
Seems very well explained. Still didn't finish the video, but so far so good. Keep it up
@DanielBoctor 6 months ago
Will do! More is on the way 🚀. Thank you for the support
@ByronShingo 3 months ago
Another eloquent description of a fascinating piece of software security history, brilliant as always.
@DanielBoctor 3 months ago
glad you liked it!
@dcquence 6 months ago
Very interesting. I cannot get over the upward inflection on every sentence though
@DanielBoctor 6 months ago
Ughhhhhhh I know, I do it while I'm filming without realizing it. I'm trying to fix it though.
@qps9380 2 months ago
@@DanielBoctor Honestly man, wasn't an issue for me at all. Super interesting video!
@vanzylv 5 months ago
Very interesting and technically informative. You have an elegant way of explaining things. Thanks!
@DanielBoctor 5 months ago
Glad you found it helpful! Thanks for the support I appreciate it 😊
@flipflopsn 3 months ago
Great video, directly subscribed to your channel. Keep on doing great videos like these! ---- EDIT: Maybe mention tools like IDA or BinaryNinja for reverse engineering. It's not about giving the "bad guys" more information (because we assume they already have them), it's about spreading knowledge across the good guys (White-Hats) to expand their knowledge and being faster/quicker in finding new vulns than the opposition. ---- Nevertheless you did a great job related to the reversing procedure (e.g. the short analysis of the sqlite lib)!
@Isaac-se6ye 6 months ago
great explanation and editing!
@DanielBoctor 6 months ago
Thanks for the support, I appreciate it 😊
@accountaccount3840 6 months ago
Great explanation. Thanks for these videos 😊😊😊
@DanielBoctor 6 months ago
Glad you liked it! Thanks for watching 😊
@cancerino666 6 months ago
Why a new company like Zoom decided to use SQL with all of its string-based vulnerabilities baffles me.
@mattm7378 5 months ago
It wasn't a mistake. Zoom has been caught out working with gov agencies to essentially steal info from both individuals and organizations. Essentially is a gov tool for blackmail and info stealing (source twitter files)
@b33thr33kay 6 months ago
Wow! Very well explained, thank you! EDIT: my only complaint is the title. It makes it look like a recent exploit, which is clickbaity and not very nice. I don't think you need to resort to that. 🙂
@cooldestroyer1 6 months ago
A channel can only upload about this type of stuff when it gets patched.
@aurilly_ 6 months ago
@@cooldestroyer1 yea and it was patched in june 2020
@SlitheringDemon 6 months ago
@@cooldestroyer1 but still makes it look like it's recent
@B1ADE99 6 months ago
Obviously worked on you
@cooldestroyer1 6 months ago
@@B1ADE99 I stopped watching very early:/
@mbhv-ll9lq 6 months ago
How do you not have more than million subscribers? What. you deserve more. keep up the great work!
@DanielBoctor 6 months ago
Thank you! You are a highly awesome fella keep on spreading that positivity
@Impracticallypractical 6 months ago
Great video! Well explained! Only correction is that SQL doesn’t use `//` for comments. It uses `--`.
@whoman0385 6 months ago
I honestly thought I was watching from a big channel, you're so underrated, keep it going!
@DanielBoctor 6 months ago
THANK YOU! I appreciate the support! More is on the way 🚀🚀🚀
@AlexandreGTavares 6 months ago
Happy this was on my recommended, nice one
@DanielBoctor 6 months ago
Glad you enjoyed!
@przemeu1353 6 months ago
Great job you getting my sub.
@Grinwa 6 months ago
Absolutely wonderful ❤ And that was super genius method to trick sql once again
@DanielBoctor 6 months ago
Glad you liked it ❤
@RoterFruchtZwerg 3 months ago
Nice 👍 I thought the whole reason why utf-8 subsequent bytes have to start with 1 is to prevent exactly this - a utf-8 start byte eating away ASCII characters. So the utf-8 decoder is also at fault here? It should have stopped decoding...
@larry1851 6 months ago
Such a great video. Glad i found you! Keep going and you shall succeed.
@DanielBoctor 6 months ago
Thank you for the support! Glad to have you as part of the community
@larry1851 6 months ago
@@DanielBoctor somehow every time I ask myself something while you explain something somehow you clear it up right the next second. It’s a pleasure to watch and I learned a lot.
@DanielBoctor 6 months ago
That's awesome LOL. I appreciate all of the support, and I'm glad you're able to learn from them! It's the reason why I make these videos
@vnc.t 6 months ago
isn't it a sqlite bug as the utf-8 encoder assumes the 10xxxxxx instead of checking for it and raising an error if the first 2 bits weren't 1 and 0? why was it reported to zoom?
@DanielBoctor 6 months ago
Yeah, that definitely shouldn't have happened, but it's technically up to SQLite how they want to treat their encodings ¯\_(ツ)_/¯ The deeper source of the vulnerability was the discrepancy in the way that Zoom and SQLite handled encodings. Zoom treated input as plaintext, while SQLite treated the backslash (\) as an escape, indicating that the following hexadecimal sequence was Unicode. Regardless of how SQLite handled those encodings, it was the discrepancy at the end of the day that enabled any of this to be possible, and the onus is on Zoom to deal with that.
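
The continuation-byte check raised in the comments by @RoterFruchtZwerg and @vnc.t, as an added example that is not code from the video, SQLite or Zoom: a toy UTF-8 decoder whose lenient mode trusts the lead byte (an assumed model of the behaviour the commenters describe) and whose strict mode rejects malformed input before it reaches any quoting or query-building code. The names `decode_utf8`, `is_well_formed` and `SAMPLE` are hypothetical.

```python
# Added example: a toy decoder, not SQLite's or Zoom's code.
# All byte strings here are constructed for illustration.

MIN_CP = {0: 0x00, 1: 0x80, 2: 0x800, 3: 0x10000}  # smallest code point per length


def decode_utf8(data: bytes, strict: bool) -> list[int]:
    """Decode UTF-8 bytes to code points.

    strict=False models a decoder that trusts the lead byte and takes the
    promised number of trailing bytes without checking for 10xxxxxx.
    strict=True raises ValueError on any malformed sequence.
    """
    out, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:
            need, cp = 0, lead
        elif lead >> 5 == 0b110:
            need, cp = 1, lead & 0x1F
        elif lead >> 4 == 0b1110:
            need, cp = 2, lead & 0x0F
        elif lead >> 3 == 0b11110:
            need, cp = 3, lead & 0x07
        elif strict:
            raise ValueError(f"invalid lead byte 0x{lead:02x} at offset {i}")
        else:
            need, cp = 0, 0xFFFD  # replacement character
        tail = data[i + 1 : i + 1 + need]
        if strict and len(tail) < need:
            raise ValueError(f"truncated sequence at offset {i}")
        for off, b in enumerate(tail, start=1):
            if strict and (b & 0xC0) != 0x80:
                raise ValueError(f"byte 0x{b:02x} at offset {i + off} is not a continuation byte")
            cp = (cp << 6) | (b & 0x3F)
        if strict and (cp < MIN_CP[need] or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF):
            raise ValueError(f"overlong or out-of-range sequence at offset {i}")
        out.append(cp)
        i += 1 + len(tail)
    return out


def is_well_formed(data: bytes) -> bool:
    """Gate to run on untrusted bytes before any quoting or query building."""
    try:
        decode_utf8(data, strict=True)
        return True
    except ValueError:
        return False


SAMPLE = b"a\xc3'b"  # constructed: lead byte 0xC3 followed by an ASCII quote (0x27)
```

A byte-level filter sees one quote in `SAMPLE`, the lenient decoder sees none, and the strict gate rejects the input outright; bound parameters, as @mudi2000a suggests, remove the need for the application to reason about quoting at all.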
@VG-or1nu 6 months ago
I typically find myself frustrated, or have little patience for videos that fail to delve deeply… (as in all the over-hyped/dumbed-down clickbait that plagues this site)… Luckily this video was a pleasant surprise with its depth and steady quality. 👍
@DanielBoctor 5 months ago
Glad you liked it! Thanks for the support
@Jiyoon02 3 months ago
Wow... Vulnerabilities like this one convince just how important it is to implement a web-cam cover and a physical mic on/off toggle, just for a precaution. A simple step like that goes quite a long way, it seems.
@Jango1989 4 months ago
Brilliant video
@DanielBoctor 4 months ago
❤️❤️
@altaccount648 6 months ago
jokes on you i don't have a camera
@thisismygascan4730 6 months ago
is there any reason zoom would have decided to manually implement the input sanitization
@happyjohn1656 6 months ago
This was a great vid
@HydratedBeans 1 month ago
I love your channel, but also hate realizing that there’s no real way to defend against these things proactively.
@bigbilly29 6 months ago
Great breakdown, thanks for the video!
@DanielBoctor 6 months ago
Thanks! Glad you liked it 😊
@ntrq 6 months ago
nice man
@user-lm3hl3cp7t 6 months ago
Internation man is Hereeer? 🎉
@kodzisko-gd7fc 6 months ago
great video
@DanielBoctor 6 months ago
Thanks!!
@TheTankiPlayer 6 months ago
Cool video, just wanted to add that debug symbols are not necessary for debugging
@hgbugalou 3 months ago
I now understand unicode encoding.
@pabloenriquegorga4222 6 months ago
Outstanding ! cool video !
@DanielBoctor 6 months ago
Thank you! Glad to have you here
@spinniboi 6 months ago
this is basically a Kevin Fang video
@DanielBoctor 6 months ago
Never heard of him before, but you're definitely right - we even both use LEMMiNO's music LOL
@CheckmateRubik 6 months ago
Great Explanation!
@m4rt_ 6 months ago
Damn that UTF-8 trick is clever.
@DanielBoctor 6 months ago
ikr 🤯
@jerichaux9219 6 months ago
I'd thought I'd recognized Lemmino's music there
@John-ix6iw 6 months ago
kind of like that one darkweb movie when the charons joined the call 💀
@bigyoshi4555 6 months ago
i do not know what most of the things are or mean but i still watch it anyway cuz it sounds interesting
@TheControlMastr 5 months ago
Make a reverse engineering video tutorial, genuinely interested!!!!
@ahndeux 6 months ago
That is why I put electrical tape over all cameras on laptops. That will never be hacked.
@Hauketal 6 months ago
Sometimes the camera is actually wanted. There are laptops providing a mechanical slider, or one can 3D-print a clamp to put over the lens. Easy to reverse and doesn't leave gooey residue.
@mudi2000a 4 months ago
You can buy a Lenovo they have a built in mechanical cover for the webcam so you can easily cover it when not in use.
@everyhandletaken 3 months ago
You had better do the same for the microphone then too 😂
@zai_kun 6 months ago
wow, that was a good explanation
@DanielBoctor 6 months ago
Glad you liked it
@RonaldTrumpOfficial 6 months ago
Well, to this hacker's dismay I’m too poor to afford a webcam!
@eyephpmyadmin6988 6 months ago
I have a self sqli on an android app for a bug bounty. I'm not sure how to make it viable. It is using sqlite too. Trying to find any other vuln to chain with it. Been sitting on it for a month
@gorg212 6 months ago
You sound exactly like code with lewis lol
@DanielBoctor 6 months ago
LOOOOOOOOOL I NEVER HEARD OF HIM BEFORE BUT I ACTUALLY DO
@WackoMcGoose 5 months ago
_taps forehead_ Can't turn on my camera if I never have it plugged in...
@ankk98 6 months ago
Good explanation
@BanglaBitTheAi 6 months ago
Well explained
@chengong388 2 months ago
I don’t program but I know you can debug binary because I know how to do some basic binary editing with cheat engine.
@NahImPro 6 months ago
Find some verifiable sources to link on the next one
@Tavern_Talk 5 months ago
Fr
@DanielBoctor 5 months ago
frfr
@parthsahni8952 6 months ago
Very nice vid
@s0kulite 6 months ago
I can’t help to say that you’re pronouncing SQLite with an extra L, it’s “Ess-Queue-Lite”, without that extra L.
@DanielBoctor 6 months ago
I didn't even think of it that way LOL
@sekiro_19 6 months ago
Lost to sql injection 😂
@user-hd3pz2ow1b 3 months ago
nice
@dogedev12 6 months ago
bro April 7th is my birthday lol
@novelhawk 6 months ago
This is full of inaccuracies
@mikee. 6 months ago
Great video, horrible clickbait.
@VVVutov 3 months ago
Shit. I watch it but suddenly I figured that's the guy with the "girl with an attitude voice" Dude, find somebody to do a voiceover for you
@DanielBoctor 3 months ago
this was actually my last video with this issue, if you check out my subsequent ones, they should be fine
@bigbilly29 6 months ago
If you get a nebula account ill drop a sub to it
@DanielBoctor 6 months ago
It's an honour to be considered nebula worthy LOL
@procactus9109 6 months ago
This is not easy to listen to.. are you drunnnnnk ?
@AurraKo 6 months ago
@DanielBoctor 6 months ago
👉👈
@iseverynametakenwtf1 6 months ago
the way you are changing the way you talk is bad, just go with your natural tone, it will come off easier to listen to. I had to stop
@DanielBoctor 5 months ago
I think I finally fixed my intonation in my most recent video
@iseverynametakenwtf1 5 months ago
will be checking it out, you are interesting @@DanielBoctor
@DanielBoctor 5 months ago
thank you LOL you are one awesome fella
@aoe4_kachow 3 months ago
Nice topic but boring because you explain too many noob details
@metalwellington 6 months ago
upspeak. come on.
@matthewkeen6281 3 months ago
nice