As more and more governments move to remote work to deal with COVID-19 social distancing requirements, hackers have been quick to find innovative ways of disrupting the teleconferencing apps that are now a necessary part of daily life.
The FBI recently announced that "video hacking," in which hackers manipulate or bypass routine security provisions to enter and disrupt video meetings, was a trend likely to rise with the onset of teleconferencing. The DOJ has taken steps to deter such would-be thrill seekers by making such intrusions a federal crime.
Nevertheless, the primary target for much of this disruption has been Zoom, which, as a major player in the video conferencing industry since 2011, quickly garnered a flood of new membership this year, before a run of hacks dampened that enthusiasm.
So far, those hacks have been characterized mostly by simple "troll"-like behavior. Some examples include:
- During a city meeting in Kalamazoo, Mich., hackers trolled commission members with slur-laden profanity.
- A recent Zoom call with Utah elementary school students was apparently derailed when hackers managed to insert pornography into the call.
- California school board and city council meetings in Conejo Valley and Lafayette recently suffered through disruptions. Governments in many other states, including Vermont, have reported similar problems.
Other governments, meanwhile, have adjusted to the disruptions by shifting policies, sometimes cutting out or reducing public comment sections during meetings, or in other cases simply canceling non-critical meetings altogether.
As the number of incidents has grown, pretty much everybody, from Google employees to U.S. senators, is being diverted to other applications for the time being. The New York Attorney General recently launched an investigation into the company's practices.
This scrutiny over Zoom has also led to the discovery of a number of security holes that the company has promised to fix. These include:
- A lack of end-to-end encryption for video calls. Zoom had previously claimed to provide E2EE across the board for all their services, but apparently revealed to The Intercept that video calls do not support this level of security.
- The company was found to be routing traffic through China, which has raised questions about privacy, given the country's heavy surveillance of Internet activity. Zoom subsequently apologized for this oversight.
- A security researcher revealed how a Zoom bug could allow hackers to deploy password-stealing malware for Microsoft users. Zoom has subsequently patched it.
Meanwhile, Zoom's competitors, like Microsoft and Google, have taken the opportunity to boast of their own security features, playing themselves up as more safety-savvy alternatives to the video conferencing giant.
Some security experts worry that these incidents could eventually rise above mere disruption, especially if the meetings being held involve sensitive information.
Zoom, for its part, has acknowledged some of the problems and promised to do better, rolling out several new and adjusted security features to bolster user protection. However, the company has noted it's been difficult to adjust to the sudden onslaught of new users, with the user base swelling by hundreds of millions of people.
"We recognize that we have fallen short of the community’s — and our own — privacy and security expectations," said Zoom CEO Eric S. Yuan in a recent blog posting. "However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home."
There have been a number of guidelines and tips published to help workers keep their conferences and meetings hacker-free, including a blog published by Zoom about how to keep unwanted people out of your conference, as well as a set of guidelines from the FBI on how to cut down on risk during teleconferences. WIRED Magazine also recently released a guide to keeping your Zoom meetings safe and secure.