PLEASANT GROVE — A recent incident with a video conference call hosted by Grovecrest Elementary exposed the dangers of “Zoom bombing” after a hacker hijacked an unsecured teleconference.
On Wednesday, the school’s principal started a meeting with nearly 50 students using the teleconference software Zoom. A couple minutes into the call, an unidentified user hijacked the meeting and exposed the students to pornography.
“He heard someone behind the scenes use profanity, and then some pornography was put on the screen,” said Kimberly Bird, spokesperson with the Alpine School District. “He said, ‘Oh my gosh, oh my gosh,’ and shut the meeting down.”
Bird said the graphic images were on the screen for a total of three seconds.
“That was scary, and even though it was three seconds, it’s three seconds too much,” Bird said.
The school district has reached out to students and parents with support providers. They also changed privacy settings on future links to meetings.
“It was a public invite on the school calendar, and we’ve learned since then that the way to be better at safeguarding things like this is to use a private link,” Bird said.
The FBI has received numerous reports of “Zoom bombing” nationwide. They are warning that as large numbers of people turn to these apps to connect during the COVID-19 pandemic, hackers and predators will take advantage of the situation.
“It’s an easy way for people to gain access to kids and it’s an easy way for kids to gain access to whoever they want as well,” FBI special agent Dustin Grant said.
As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in cybersecurity efforts. They warn that Zoom is not the only app criminals are targeting.
“It’s no different than any other social or live streaming app,” Grant said. “Skype or anything that has capability to stream and contact people within their homes is going to have a vulnerability and risk to it.”
Experts said the following tips can be used to make your calls more secure:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure your organization’s telework policy or guide addresses requirements for physical and information security.