As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking, also called “Zoom-bombing”, are emerging.
The Federal Bureau of Investigation (FBI) says it has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
In one of the incidents reported to authorities, a Massachusetts-based high school said a Zoom online class was interrupted when an unidentified individual(s) dialed into the classroom. This individual yelled profanity and then shouted the teacher’s home address in the middle of instruction.
In another incident at a Massachusetts school, an individual logged into a class where he was visible on the video camera and displayed swastika tattoos.
But the FBI says that, with enough cybersecurity measures, virtual activities can still be sustained.
To mitigate Zoom hijackings, the FBI recommends the following five measures:
First, do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
Second, do not share a link to a teleconference or classroom in an unrestricted, publicly available social media post. Provide the link directly to specific people.
Third, manage screen-sharing options. In Zoom, change screen-sharing to “Host-Only.”
Fourth, ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software.
In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.