The COVID-19 pandemic unexpectedly propelled one tech player, Zoom, into massive fame. It has transformed the video conferencing platform into one of the most popular online services as the world copes with social distancing and community quarantines.
Zoom offers some relatively new features like simultaneous screen sharing, group messaging and presence, mobile collaboration, mobile app screen sharing, and most prominently, the ability to host multiple users in a video call. These features helped usher in something of a revolution in the field of video conferencing. They helped propel Zoom into massive popularity, with many news outlets using the service for their interviews and TV stations using it for fundraising events and alternative formats of their shows.
With this rise in popularity comes an increase in cyber attacks. Cybercriminals have been targeting Zoom users, taking advantage of their apparent lack of security mindfulness. Zoom is a new platform with a new set of features, default settings, and usage terms. Hackers are seeing opportunities to attack as users dabble in the platform's new interface and functions.
Zoom does not have an advanced system for managing meetings and resource access similar to the Role-Based Access Control (RBAC) systems employed by organizations. However, it has enough features for restricting participants so they don't cause trouble on the platform. The host-participant dynamic in Zoom is comparable to what RBAC establishes, as it limits access or permissions based on roles or authority.
One of the leading hacks targeting Zoom is called "zoombombing." This attack is more of a funny nuisance at best and a form of harassment at worst. It does not involve data theft or the spread of viruses and other malware. However, it is disruptive and can be highly unsettling for certain people.
There have been several reports of zoombombing that targeted online classes. In one, a UCLA class on the history of the racial and cultural roots of Mexico was flooded with racial slurs. Another one disrupted an Arizona State University class on storytelling with pornographic videos. In Singapore, the Ministry of Education decided to ban Zoom for home-based teaching after hackers hijacked classes with explicit imagery.
Zoombombing has worsened in the past weeks, according to the New York Times, which analyzed dozens of Instagram and Twitter accounts as well as various 4Chan and Reddit boards. It has reportedly become a "dangerous concerted effort." Several accounts collude to raid Zoom sessions with harassment campaigns and vexatious actions, mainly through shocking images and videos. They also share meeting passwords to allow other malicious parties to sow chaos.
Some may say that zoombombing is generally benign, because it does not result in serious cyber damage. Also, most attacks are perpetrated by bored people who have nothing better to do. These include teenagers or students who target online classes because of their frustrations and rebellious tendencies. There are also others who do it to raise their social media engagement.
The attacks are often led by people who are out in the open. They even maintain public social media accounts referred to as Zoom raid accounts (and unambiguously named as such). Some brag about their zoombombing attacks by streaming them on YouTube.
In addition to zoombombing, there are also the usual attacks aimed at stealing login credentials. Recently, hundreds of verified Zoom accounts have been compromised and their details posted on a well-known dark web forum, according to cyber intelligence firm Sixgill. The account details siphoned include passwords, email addresses, host keys, meeting IDs, names, and the Zoom account types.
The cybercriminal responsible for stealing the hundreds of Zoom accounts posted a link on April 1st to a collection of 352 stolen Zoom accounts. The post included a note saying that the cyber thief "worked really hard" to obtain the compromised accounts.
A tweet from Sixgill says that one of the stolen Zoom accounts used to belong to a major healthcare provider in the United States. Another one was previously owned by a small business. Some seven others were identified as having once been handled by different educational institutions.
Sixgill deduced that the stolen accounts were being offered for trolling activities and to disrupt other users of Zoom. No malware has been identified. No schemes to defraud or commit other crimes have been detected.
Protecting Zoom Accounts
So what do Zoom users need to do to prevent attacks? First, it's important to have all the basic security measures in place, specifically antivirus and malware protection tools. Most of the leading antivirus products at present come with advanced features that do more than detect and block malicious software from infecting devices. They also include tools that help address social engineering threats by scanning links for potential risks, so users are forewarned before they click on anything.
When it comes to zoombombing, the first thing to do is to update the Zoom app. Public backlash over privacy and security concerns compelled the company to implement changes in Zoom. These changes are readily reflected in the updated application. Also, the company has added security improvements in the service itself to address complaints about poor encryption and perhaps (in the future) to rectify concerns over Zoom's transmission of data to Chinese servers.
Once you have updated your application, take the following precautionary measures.
- Password Protection - Don't let just anyone join your Zoom meetings. Set a unique password and make sure that nobody shares it with outsiders. Not having any password is like an open invitation for zoombombing attacks.
- Private Meeting ID Safety - Avoid sharing meeting IDs or links publicly. Send meeting IDs over private messages. Also, don't use meeting IDs that reflect the nature of what your meeting is about. Let Zoom generate a random ID (with alphanumeric characters) so your meetings won't be attractive to potential attackers.
- Waiting Rooms - This Zoom feature allows meeting hosts to screen participants before they can interact with others in an ongoing meeting.
- Screen Sharing Restriction - The reason why zoombombing exploded as it did is largely Zoom's default setting of allowing all participants in a session to share their screens. That's why it only makes sense to change this to "host only" so the host can control what appears on the screen.
- File Transfer Disabling - It's also advisable to disable the file transfer feature to prevent malicious participants from spreading unwanted documents. This feature can facilitate malware infection, which can lead to more serious problems than plain zoombombing.
- Participant Management - Hosts have the ability to control camera output on the screen and mute participants. They can also regulate screen sharing from participants. They can kick participants out of a session, although the removed participants may join again with a different name. To address this flaw, it's recommended to disable the "Allow Removed Participants to Rejoin" option.
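For anyone who manages more than a handful of meetings, the checklist above can be applied as an automated audit. The script below is an added example, not Zoom's code or API: the field names (`password`, `waiting_room`, `screen_sharing`, `file_transfer`, `allow_removed_rejoin`) are a hypothetical export format, and the sample meetings are constructed.

```python
from collections import Counter

# Hypothetical field names for an exported list of meeting settings.
# These are NOT Zoom API keys; map them to whatever your export provides.
CHECKS = [
    ("waiting_room", True, "waiting room is disabled"),
    ("screen_sharing", "host_only", "screen sharing is not host-only"),
    ("file_transfer", False, "file transfer is enabled"),
    ("allow_removed_rejoin", False, "removed participants can rejoin"),
]

def audit_meetings(meetings):
    """Return {meeting name: [findings]} for meetings that miss the checklist."""
    # Count non-empty passwords so reuse across meetings can be flagged.
    reuse = Counter(m.get("password") for m in meetings if m.get("password"))
    report = {}
    for m in meetings:
        findings = []
        pw = m.get("password")
        if not pw:
            findings.append("no password set")
        elif reuse[pw] > 1:
            findings.append("password is reused by another meeting")
        for key, wanted, message in CHECKS:
            # A missing key is treated as non-compliant (fail closed).
            if m.get(key) != wanted:
                findings.append(message)
        if findings:
            report[m["name"]] = findings
    return report

# Constructed sample data, not taken from any real account.
SAMPLE = [
    {"name": "weekly-sync", "password": "k7#Qm2", "waiting_room": True,
     "screen_sharing": "host_only", "file_transfer": False,
     "allow_removed_rejoin": False},
    {"name": "class-a", "password": "spring", "waiting_room": False,
     "screen_sharing": "all", "file_transfer": True,
     "allow_removed_rejoin": True},
    {"name": "class-b", "password": "spring", "waiting_room": True,
     "screen_sharing": "host_only", "file_transfer": False},
    {"name": "open-call", "password": "", "waiting_room": True,
     "screen_sharing": "host_only", "file_transfer": False,
     "allow_removed_rejoin": False},
]

if __name__ == "__main__":
    for name, findings in audit_meetings(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

A setting that is absent from the export is reported as a finding rather than assumed safe, which is why `class-b` is flagged for the rejoin option.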
Zoom gained immense popularity because of the innovative features it introduced. It would be a waste to ditch it because of the growing security and privacy concerns. The good news is that the company has been responding to the complaints, especially under the threat of government investigations and boycotts. The company is trying to improve its service, but users can't rely on these improvements entirely. It's logical to be more prudent and consider the steps outlined above to be safe from Zoom hacks.