Zoom-Bombing Hijackers

Uploaded on 2020-04-06 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The surge in video conferencing using is raising privacy and security concerns and 'Zoom-bombing', the practice of unwanted guests intruding on video meetings for malicious purposes, has also significantly increased during the pandemic according the the FBI. 

Zoom is an easy-to-use  video conferencing App which has has seen a massive increase in users since the COVID-19 pandemic has forced a large number of people to stay home and turn to video meetings for work or school.

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions and has received multiple reports of conferences being disrupted by pornographic images and threatening language, incuding two hijacking incidents involving local schools that were using Zoom to conduct online classes. 

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway reportedly had to shut down online video lessons after a naked man infiltrated a session attended by nine-year-old students. 

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

To stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.... Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.” that agncy advises.

Although taking the precautions recommended by Zoom and the FBI are likely stop a majority of unwanted incidents, video conferencing over the internet remains vulnerable to other forms of attack.

Conferences could be taken over entirely if the host's password were hackedand another vulnerability uncovered in 2019 reportedly could have allowed hackers to take control of the webcams of users and then spy on them even when the app was not in use, although the company is said to have fixed the issue since then.

FBI:     CheckPoint:      PCMag:     Bleeping Computer:      NewsWeek:      ABC News:     

Guardian:     Wired:    The Verge:  CISO Mag:     ThinkUm:     MarketWatch:   


You Might Also Read: 

Hackers Are Targeting Young Video Gamers:

 





 

« Fighting Fake News With Cyber Intelligence
IoT - Pandemics, Opportunities And Massive Data Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

AdaptiveMobile Security

AdaptiveMobile Security

AdaptiveMobile Security, a world leader in mobile network security, protecting more than 2.2 billion subscribers worldwide.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

ThriveDX

ThriveDX

ThriveDX, the world’s premier EdTech provider (formerly HackerU), champions digital transformation training as a means of empowering individuals to thrive in the age of digital disruption.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.