Zoom-Bombing Hijackers

Uploaded on 2020-04-06 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The surge in video conferencing using is raising privacy and security concerns and 'Zoom-bombing', the practice of unwanted guests intruding on video meetings for malicious purposes, has also significantly increased during the pandemic according the the FBI. 

Zoom is an easy-to-use  video conferencing App which has has seen a massive increase in users since the COVID-19 pandemic has forced a large number of people to stay home and turn to video meetings for work or school.

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions and has received multiple reports of conferences being disrupted by pornographic images and threatening language, incuding two hijacking incidents involving local schools that were using Zoom to conduct online classes. 

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway reportedly had to shut down online video lessons after a naked man infiltrated a session attended by nine-year-old students. 

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

To stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.... Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.” that agncy advises.

Although taking the precautions recommended by Zoom and the FBI are likely stop a majority of unwanted incidents, video conferencing over the internet remains vulnerable to other forms of attack.

Conferences could be taken over entirely if the host's password were hackedand another vulnerability uncovered in 2019 reportedly could have allowed hackers to take control of the webcams of users and then spy on them even when the app was not in use, although the company is said to have fixed the issue since then.

FBI:     CheckPoint:      PCMag:     Bleeping Computer:      NewsWeek:      ABC News:     

Guardian:     Wired:    The Verge:  CISO Mag:     ThinkUm:     MarketWatch:   


You Might Also Read: 

Hackers Are Targeting Young Video Gamers:

 





 

« Fighting Fake News With Cyber Intelligence
IoT - Pandemics, Opportunities And Massive Data Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Foretrace

Foretrace

Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.

Jitterbit

Jitterbit

Jitterbit integrates critical business processes and enables application development to deliver the experiences and insights needed by enterprises of all sizes to accelerate their digital journey.

GrayHats

GrayHats

GrayHats is a platform-based cybersecurity company devoted to delivering comprehensive, scalable, and proactive protection for businesses in an ever-evolving threat landscape.