The FBI has sent out a warning about Zoom exploitation called Zoombombing. The name refers to a new type of cyber harassment that the FBI receives more and more reports about. Zoombombing is when a call gets hijacked by an unknown stranger who proceeds to share graphic images or shout profanities on the call. And it’s become a big enough issue that the FBI sent out a press release to warn people about it this week.
Zoom is a video conferencing program that recently gained a lot of new users due to the health crisis. Companies use the program for business meetings and webinars. One can access it via a browser or an app on many devices.
The platform is especially popular amongst companies because it makes it easy for dozens of people to join in on a call. Zoom’s usage, according to the company, has gone up from 10 million daily users in December 2019 to 200 million daily users in March 2020.
According to the press release, the threat is “emerging nationwide,” but it’s a problem the whole world should take note of. Individual people, schools, churches, and companies around the world are all using Zoom right now.
A Growing Problem
The FBI’s press release cites a couple of alarming incidents of Zoombombing over the last few weeks. One of which includes a teacher from a Massachusetts-based high school who was conducting an online class.
During the class, a trespasser logged on and shouted profanities as well as the teacher’s home address out loud. During another class, an unidentified individual displayed their swastika tattoos to the attendees.
These were the only two incidents that the FBI shared. But many more have happened, and some are worse than others. The other day, Click Orlando reported on an event in Orange County where a man dialed into an online class and then exposed himself.
Those may have been separate events. But Zoombombing is becoming a more concerted effort by people who call themselves “Zoom raiders.” These people have started organizing their attacks by sharing Zoom IDs and passwords on message boards like Reddit and 4Chan. Although Reddit has removed those discussions, it doesn’t mean they don’t have other ways to spread information.
Zoom’s Upping the Security
These incidents aren’t new to the platform but increased as Zoom is gaining a lot of new users from all walks of life. The company is currently facing a lot of concern over its privacy and security practices.
Since the news of these Zoombombing attacks broke, the company has sent out a message to say that it’s working on improving security measures.
Zoom founder and CEO, Eric S. Yuan, has stated that the flood of new users has revealed unforeseen issues. He apologized for falling short of users’ privacy expectations and assured that they are working hard to correct that.
Among their efforts are recent updates to their privacy policy and changes so that only teachers can share content in class.
Meanwhile, life goes on. Right now, it means social distancing and relying on conferencing software like Zoom to get things done. So to that end, here are some safety tips for those hosting and dialing into calls on Zoom.
How to Keep a Zoom Call From Being Hijacked
While Zoombombing is still a developing problem, there are ways to mitigate risks when using the platform. Here are some tips:
- Do not make Zoom meetings public, set up a password instead.
- If the meeting has to be public, set up the waiting room feature to control who gets in.
- Use a VPN to encrypt the connection and thus avoid having an outsider hijack it. A VPN like NordVPN ensures the connection stays private. It prevents hackers from finding a person’s home address, like what happened with that unfortunate teacher from Massachusetts.
- Do not share Zoom meeting IDs in forums or on social media. Stick to personally sending the ID link to individuals.
- Make sure to use the latest version of Zoom that has the latest security fixes.
- Change screen sharing options to “host only” for meetings that don’t need anyone else sharing their screens.
The Bottom Line
While Zoom is taking steps to deal with recent security issues, the Zoombombing threat is ongoing. Zoom users should be aware of this threat and take steps right now to protect themselves.