Zoom-Bombing Hijackers

The surge in video conferencing use is raising privacy and security concerns, and 'Zoom-bombing', the practice of unwanted guests intruding on video meetings for malicious purposes, has also significantly increased during the pandemic, according to the FBI.

Zoom is an easy-to-use video conferencing app which has seen a massive increase in users since the COVID-19 pandemic forced a large number of people to stay home and turn to video meetings for work or school.

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions and has received multiple reports of conferences being disrupted by pornographic images and threatening language, including two hijacking incidents involving local schools that were using Zoom to conduct online classes.

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway reportedly had to shut down online video lessons after a naked man infiltrated a session attended by nine-year-old students. 

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

To stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.... Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people,” the agency advises.

Although taking the precautions recommended by Zoom and the FBI is likely to stop a majority of unwanted incidents, video conferencing over the internet remains vulnerable to other forms of attack.

Conferences could be taken over entirely if the host's password were hacked, and another vulnerability uncovered in 2019 reportedly could have allowed hackers to take control of users' webcams and then spy on them even when the app was not in use, although the company is said to have fixed the issue since then.


