“Zoom bombing” is the catchphrase everyone is talking about. No, really! This is where uninvited guests crash your meetings or chat on the popular video conferencing app that are not password protected. There are large numbers of people who are still posting the Zoom meeting number online, and without any protection, bombers can simply enter any meeting and cause havoc. Some users have complained their conferences have been ‘Zoom-bombed’ with pornography and hateful messages and images.
The video conferencing app has rapidly grown in popularity while people are kept away from workplaces to maintain social distance during the COVID-19 outbreak.
One way to deal with this problem is to enable “Sign in with two-factor authentication” and enable this for all users in your account. Another option is to use “waiting-rooms”. This allows the host to screen everyone entering the meeting to ensure no one uninvited can get in.
And that’s just one problem facing the firm. Zoom is currently investigated by FBI after quarantined workers’ virtual conferences were hacked with porn.
The FBI’s Boston office warned it has received multiple complaints
NY state Attorney General Letitia James sent a letter to Zoom with questions ‘to ensure the company is taking appropriate steps to ensure users’ privacy’
The company has since said it takes security issues ‘extremely seriously’
Various Alcoholics Anonymous video conference calls have been hacked into and where slurs, misogynistic comments have been made to members and they have even taunted them about the taste of alcohol.
According to Business Insider, in New York, , the regional division of the national AA organization, has been using the software Zoom to have video meetings and during one meeting, the members suddenly heard a man’s voice interject and shout anti-Semitic slurs and insensitive references to drinking, and boasting, ‘Alcohol is soooo good’.
Meeting organizers quickly muted the troll and removed them from the meeting.
To gain access to any of these online meetings, all trolls must do is search the internet for links to video conferences and enter the calls.
The FBI issued a warning about Zoom hacking earlier this week after the video conferences of several schools were disrupted by intruders.
A Zoom spokesperson said the company was “deeply upset to hear about the incidents involving this kind of attack.”
“For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining.”
It’s not just in the US where the Zoom app has come under scrutiny.
Boris Johnson sparked security fears as he posted pictures of the UK’s first digital-only Cabinet meeting online – including details of how to join the conversation. The Prime Minister, who is currently self-isolating in Downing Street after being diagnosed with coronavirus, tweeted an image of the meeting meeting, which went ahead completely using the app.
However, in the corner of the screen-grab he shared with his two million followers was the ‘room’ ID for the meeting using the Zoom software. It immediately sparked scramble to guess his password
Luckily, their efforts were scuppered as the meeting was also password protected.
Downing Street said it was confident its communications links were secure, despite concerns raised about the apparent use of Zoom to conduct the meetings.
And only last week the use of the software by Ministry of Defence staff was suspended last week while ‘security implications’ were investigated.
Zoom was also found to be covertly sending data to Facebook.
According to a blog post from the company’s CEO Eric S. Yuan, Zoom was ‘made aware that the Facebook SDK was collecting device information unnecessary for us to provide our services’ and has subsequently changed the app’s code.
Yuan wrote: “Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser.”
Zoom has now removed code from its app that was sending user data to Facebook. The app was transmitting device information, log-on times, and more Zoom’s policy wasn’t clear about the data sharing practices. Users must update their Zoom apps to reap the new privacy measures
iCaaS is the trusted standard for data protection.
To find out how we can help you and your organisation, get in touch with one of our data protection specialists for advice. Call: 0345 6460066 or email: [email protected]