Zoom FBI Warning Prompts Millions to Seek Other Video-Conferencing Platforms
By Rachel McCray
Recently, there have been multiple reports nationwide of teleconferences and online classrooms hosted on Zoom being hijacked, a practice fittingly termed “Zoom Bombing.” The cybersecurity threat has even prompted departments of education in multiple states to ban teachers from using the popular tool to teach remotely.
According to AppleInsider.com, “On April 1, it was discovered that a flaw in Zoom's software allows a local user or piece of malware to piggyback on Zoom's camera and microphone permissions. An attacker can inject malicious code into Zoom's process space and ‘inherit’ camera and microphone permissions, allowing them to hijack them without a user's knowledge.”
The attacks occur because web conferences on the Zoom platform are hosted online and are often shared through public URLs and access codes, making them accessible to anyone.
The hijacker will sometimes remain silent and simply observe the call. Other times, however, they will use their access to harass people in the conference by posting inappropriate images and hate speech.
These attacks are even more detrimental when they are carried out in academic settings. For example, in late March 2020, a Massachusetts high school reported an incident in which a teacher was conducting an online class using Zoom, and an unidentified individual(s) dialed into the classroom. This unknown individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction, according to FBI.gov.
In addition to schools banning the use of the Zoom platform, Elon Musk’s company, SpaceX, banned the program and instructed employees to utilize alternative methods of communication. Australia’s Ministry of Defense has also banned the software.
Zoom has announced that it will be taking a 90-day development freeze to address privacy issues. The company is also set to host weekly webinars to provide security updates to its users.
The FBI recommends taking the following precautions:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: by requiring a meeting password or using the waiting room feature and controlling the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people, through private channels such as email or instant messaging.
- Manage screen sharing options. In Zoom, change screen sharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.