IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

‘Zoombombing’ Grabbed Government’s Attention — Now What?

After seeing a huge increase in users, the teleconferencing company has weathered an onslaught of criticisms regarding its security features. For remote government workers, the tools remain in question.

Shutterstock/Ink Drop
If "zoombombing" enters the English Dictionary this year, it will probably be a surprise to no one. 

As more and more governments move to remote work to deal with COVID-19 social distancing requirements, hackers have been quick to find innovative ways of disrupting the teleconferencing apps that are now a necessary part of daily life. 

The FBI recently announced that "video hacking" was a trend likely to rise with the onset of teleconferencing — wherein hackers manipulate or bypass routine security provisions to enter and disrupt video meetings. The DOJ has taken steps to deter such would-be thrill seekers by making it a federal crime

Nevertheless, the primary target for much of this disruption has been Zoom, which, as a major player in the video conferencing industry since 2011, quickly garnered a flood of new membership this year, before a run of hacks dampened that enthusiasm. 

So far, those hacks have been characterized mostly by simple "troll"-like behavior. Some examples include: 

This has naturally worried governments across the country, with some school districts in Utah, California and Washington state either banning or limiting the use of the platform. New York City's Department of Education also recently banned Zoom use for remote teaching for schools throughout the city.

Other governments, meanwhile, have adjusted to the disruptions by shifting policies, sometimes cutting out or reducing public comment sections during meetings, or in other cases simply canceling non-critical meetings altogether. 

As the number of incidents has grown, pretty much everybody — from Google employeesto U.S. Senators, are being diverted to other applications for the time being. The New York Attorney General recently launched an investigation into the company's practices. 

This scrutiny over Zoom has also led to the discovery of a number of security holes that the company has promised to fix. These include: 

Reports show hackers have been using dark Web forums to sell zero day exploits for Zoom and other online communications companies, as the black market for such hacking takes off. 

Meanwhile, Zoom's competitors — like Microsoft and Google — have taken the opportunity to boast their own security features, playing themselves up as more safety-savvy alternatives to the video conferencing giant.   

Some security experts worry that these incidents could eventually rise above mere disruption, especially if the meetings being held involve sensitive information. 

Zoom, for its part, has acknowledged some of the problems and promised to do better, rolling out several new adjusted security features to bolster user protection. However, the company has noted it's been difficult to adjust to the sudden onslaught of new users with the user base swelling by hundreds of millions of people.  

"We recognize that we have fallen short of the community’s — and our own — privacy and security expectations," said Zoom CEO Eric S. Yaun in a recent blog posting. "However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home."

There have been a number of guidelines and tips published to help workers keep their conferences and meetings hacker-free, including a blog published by Zoom about how to keep unwanted people out of your conference, as well as a set of guidelines from the FBI on how to cut down on risk during teleconferences. WIRED Magazine also recently released a guide to keeping your Zoom meetings safe and secure

Lucas Ropek is a former staff writer for Government Technology.