As the use of web conferencing has increased, hackers have targeted web conferencing for a variety of malicious activities. Because of its architecture and the way it handles user data, Zoom has been a favored target. Contrary to assertions, Zoom sessions are not encrypted end-to-end and a variety of other security flaws have been reported.
Malicious activities perpetrated by hackers have included:
- “Zoom-bombing” — inserting videos and messages into Zoom sessions, sometimes with obscene or hateful content.
- Taking over a user’s machine, including tapping into the webcam and hacking the microphone.
- Stealing and exploiting user data collected by Zoom.
Zoom has changed some of its policies and remediated some reported vulnerabilities, but users need to exercise caution in using Zoom or any video conferencing platform.
The FBI recommends the following steps to mitigate teleconference hijacking threats and has provided instructions for carrying them out in Zoom:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post. Provide the link directly to specific people.
- Manage screen sharing options. In Zoom, change screen sharing to “Host Only.”
- Ensure that you are using the updated version of remote access/meeting applications. In Zoom: Sign in to the Zoom desktop client. Click your profile picture, then click “Check for Updates.” If there is a newer version, Zoom will download and install it.
- Lastly, please follow university guidelines for working securely from home.
Resources From Zoom about How to Secure Your Zoom Meetings