The Zoombombing phenomenon
CRJ Advisory Panel Member, Lina Kolesnikova, reports on the worldwide phenomenon that has grown alongside our increased use of videoconferencing and calling during the global Covid-19 crisis.
Zoombombing started with uninvited guests, pranks and trolling, but attacks have quickly turned to online abuse and have used pornographic, racist and homophobic content, as well as comments that constitute hate speech and harassment. Image: Evgeniy Bakal/123rf
Since March, we have been living in a world of online meeting platforms, in a new reality of remote work and studies, or hosting personal meetings on the Internet. Videoconferencing has saved the livelihoods and educations of millions of people who stayed locked in their homes owing to the Covid-19 pandemic.
However, the skyrocketing popularity of Zoom has proved too a tempting a target for hackers and has given rise to a new phenomenon nicknamed as ‘Zoombombing’ or ‘Zoomraiding’. Of course, it goes without saying that other online meeting platforms, such as Microsoft Teams, Skype or Webex, could also become targets in much the same way.
It started with uninvited guests, pranks and trolling at the beginning, but attacks have quickly turned to online abuse and have used pornographic, racist and homophobic content, as well as comments that constitute hate speech and harassment.
Another negative aspect of the phenomenon is that the ‘uninvited guests’ can intervene in professional meetings of any kind and steal sensitive information, or simply eavesdrop or spy on people and organisations.
The danger is that the host of the videoconference might not notice someone else’s presence immediately and guests can stay unnoticed for a long time. The perpetrators could be external to the organisation or internal – in schools for example, this could be a continuation of bullying, evolving into cyberbullying.
Such incidents have pushed organisations, particularly schools, to look for other solutions to provide connection to employees and students. In some countries, investigations have led to filing criminal charges against those responsible.
Unlike other types of cyberattacks, hacking into a Zoom meeting could be relatively easy if certain security settings are not activated. Often, Zoom meeting invitations are posted on social media to increase attendance, which can make them more vulnerable. Some argue that Zoom’s default settings could be more secure.
It is important to watch out for vulnerabilities that might be identified in the concerned products and which might then become general knowledge. It is also vital to keep subscriptions to software vulnerability threat intelligence feeds up-to-date and to follow public sources like vendor announcements or databases such as CVEdetails.com
As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in organisations’ and individuals’ cybersecurity efforts.
The following steps can be taken to mitigate teleconference hijacking threats:
Do not make meetings or classrooms public: In Zoom, there are two options to make a meeting private – require a meeting password, or use the waiting room feature to control the admittance of guests;
Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post: provide the link directly to the people concerned;
Manage screen sharing options: In Zoom, change screen sharing to ‘host only;
Exercising due care on any local installations such as locally running apps or agent software, making sure patches are timely and appropriate policies are enforced. Ensure all users have updated versions of remote access or meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join; and
Lastly, ensure that your organisation’s telework policy or guide addresses requirements for physical and information security fully.