Zoom-Bombing Hijackers

Uploaded on 2020-04-06 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The surge in video conferencing using is raising privacy and security concerns and 'Zoom-bombing', the practice of unwanted guests intruding on video meetings for malicious purposes, has also significantly increased during the pandemic according the the FBI. 

Zoom is an easy-to-use  video conferencing App which has has seen a massive increase in users since the COVID-19 pandemic has forced a large number of people to stay home and turn to video meetings for work or school.

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions and has received multiple reports of conferences being disrupted by pornographic images and threatening language, incuding two hijacking incidents involving local schools that were using Zoom to conduct online classes. 

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway reportedly had to shut down online video lessons after a naked man infiltrated a session attended by nine-year-old students. 

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

To stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.... Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.” that agncy advises.

Although taking the precautions recommended by Zoom and the FBI are likely stop a majority of unwanted incidents, video conferencing over the internet remains vulnerable to other forms of attack.

Conferences could be taken over entirely if the host's password were hackedand another vulnerability uncovered in 2019 reportedly could have allowed hackers to take control of the webcams of users and then spy on them even when the app was not in use, although the company is said to have fixed the issue since then.

FBI:     CheckPoint:      PCMag:     Bleeping Computer:      NewsWeek:      ABC News:     

Guardian:     Wired:    The Verge:  CISO Mag:     ThinkUm:     MarketWatch:   


You Might Also Read: 

Hackers Are Targeting Young Video Gamers:

 





 

« Fighting Fake News With Cyber Intelligence
IoT - Pandemics, Opportunities And Massive Data Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

National Cybersecurity Competence Centre (NC3) - Czech Republic

National Cybersecurity Competence Centre (NC3) - Czech Republic

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Aryaka

Aryaka

Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.