The FBI has issued a warning about so-called “Zoombombing” following incidents in which video conferences were hijacked by trolls playing pornographic videos and shouting profanities.
Use of the Zoom app in particular has surged during the coronavirus lockdown, which comes as more than 37,000 cases of COVID-19 have been confirmed in New York state – the worst affected state in the country.
Suspected and confirmed coronavirus cases in America now number above 136,000 on a national basis.
Donald Trump said coronavirus deaths in the US are expected to peak in two weeks – as his top scientific adviser warned the outbreak could kill up to 200,000 Americans.
As citizens following social distancing guidelines are increasingly using remote-working tools to speak to colleagues, New York’s attorney general Letitia James is to investigate the Zoom app over its privacy and security practices.
It comes amid a growing number of incidents in which trolls have used Zoom’s screen-sharing feature to hijack meetings which didn’t have appropriate security standards to prevent unknown users from joining the call.
Among the incidents shared with Sky News was an Alcoholics Anonymous meeting in which an elderly woman in recovery was interrupted from sharing her experiences by trolls playing graphic pornography.
Ms James sent a letter to the company on Monday articulating her concerns about Zoom being slow to address software flaws which “could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
In its warning to the public, the FBI described two incidents in which school classes being taught remotely were interrupted by trolls: in one, a troll shouted profanities and revealed the teacher’s home address, while the other featured an individual with swastika tattoos.
The FBI has issued the following guidance to prevent Zoom meetings from being hijacked:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only”.
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
In the UK, non-classified cabinet meetings have been taking place remotely using the Zoom software.
This has prompted concerns, as the Ministry of Defence (MoD) has ordered all workers in the department to immediately stop using Zoom while “security implications” are investigated.
An email sent to staff also told them to be “cautious about cyber resilience” in “these exceptional times”.
A source said after the revelation: “It is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive government meeting like that of the prime minister’s cabinet is being conducted over it.”
A government spokesperson said: “The MoD uses Zoom to conduct cross-government meetings for official level business. There are no plans to review this.
“In the current unprecedented circumstances the need for effective channels of communication is vital.
“National Cyber Security Centre guidance shows there is no security reason for Zoom not to be used for meetings of this kind.”
Zoom said it takes users’ security “extremely seriously” and that 2,000 institutions – from leading telecoms providers to government agencies and universities – have done exhaustive security reviews of the service.
A spokesperson added: “Zoom are in close communication with the UK Ministry of Defence and National Cyber Security Centre and are focused on providing the documentation they need.”