In this time of crisis, people from all over the world are huddled into their homes fearing the COVID-19. Schools, colleges and offices around the globe have a shutdown. Office employees and students are harnessing the power of modern technology to stay connected and continue their work/studies with the help of video calling. Zoom has surfaced to be a great option because of its connectivity and 100 participant limit and features like screen sharing, in-built chat and in-app file sharing. The app, however, has some security flaws.
On Monday (March 30th), the Federal Bureau of Investigation warned against the Teleconferencing and Online Classroom Hijacking. “Zoom Bombing”, a term given to the hijacking of an ongoing video call, has been on the rise. It is usually done by a stranger who breaks into an ongoing teleconference just wreak havoc by using hateful/threatening language or showing vile images.
Two schools in the state of Massachusetts reported the following incidents:
In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialled into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of an instruction.
A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.
The FBI has also released some guidelines to help prevent “Zoom Bombing”. Some of the guidelines are-
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screen sharing options. In Zoom, change screen sharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.