FBI: Watch Out for 'Zoom-Bombings' on Online Video Meeting Apps
Grow Your Business, Not Your Inbox
The FBI is warning the public to watch out for hijackers trying to infiltrate Zoom video sessions.
“The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the agency issued in a notice on Monday.
The coronavirus pandemic has helped make the videoconferencing service one of the most popular apps in the country. Unfortunately, that same popularity has also turned Zoom into a target for racists and pranksters, which can be especially problematic for educators reliant on the service.
In today’s warning, the FBI’s Boston field office recounts two hijacking incidents involving local schools that were using Zoom to conduct online classes. “In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction,” the FBI said.
In the second incident, the culprit infiltrated the Zoom session to display swastika tattoos on his body. The hijackings, also known as “Zoom-bombings,” are starting to emerge as a nationwide threat, the FBI adds.
Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway, reportedly had to shut down online video lessons after a naked man infiltrated a session attended by 9-year-old students.
The hijacking attempts can occur because users of the videoconferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.
So to stay safe, the FBI is encouraging Zoom users, especially at schools, to make their videoconferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests,” the agency said. “Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.”
In a statement, Zoom also said: "For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen." This will prevent unwanted hijackers from taking over the main video feed on a public session.
"For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We encourage users to report any incidents of this kind directly to https://support.zoom.us/hc/en-us/requests/new so we can take appropriate action," the company added.