FBI Warns Of Increased Threat From Zoom Hijackers

The Federal Bureau of Investigation released an article earlier this month on the increased risk of video-teleconferencing hijacking, known as Zoom-bombing. Zoom-bombing is a platform-specific threat in which bad actors can guess or auto-dial and brute-force their way into a Zoom conference that has not set a password requirement to log in.

For ease of use, many businesses and organizations do not set up complicated security measures for their Zoom meetings. In the current environment, where so many people who never used teleconferencing before are now relying on it, including classrooms and students whose technical fluency may be low, bad actors can rely on the fact that everyone is trying to make it as easy as possible to connect with each other.

Easy, or Vulnerable?

However, making it easy for your workforce or students to connect to a video conference also makes it simple for bad actors to hijack the feed. Without a password requirement, anyone with the correct URL or Meeting ID can access a Zoom meeting. So far, the reported incidents have seen disruptions, but no theft of data – one classroom had a hijacker shout profanity and the teacher’s address, and the other had a hijacker showing swastika tattoos on the video feed.

The simplest way to protect against this is to require a password to log in. You can even choose to embed a password into a URL, to retain the ease of use of simply sharing a link with your workforce or group.

If you need to run a conference that is open to the public, consider other measures, such as ensuring only the host can share the video feed, or letting users in from a waiting room after verifying their identity.

You can read the FBI article here: https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic