Just yesterday it was reported that a critical Zoom vulnerability lets hackers record meetings anonymously even if the host has disabled the recording feature. Meanwhile, incidents of Zoombombing, in which Zoom meetings are hijacked to show indecent footage, have become a regular occurrence.
Given the popularity and reach of the app, hackers are naturally enticed to exploit the platform in one way or another. For instance, hackers are profiting from Zoom’s popularity by selling millions of its login credentials on the dark web.
Lately, however, several meetings worldwide have been infiltrated by hackers who managed to share footage of child sexual abuse involving “very young” children. One such incident took place on April 20th, when hackers targeted a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.
Evers, who is based in Oakland, California, stated that while he was sharing a slide, a black box emerged on the screen out of nowhere and the slide was replaced with child sexual abuse footage, which was seen by the entire congregation. An entire community has been traumatized by this incident, he tweeted later.
.@zoom_us someone hijacked and hacked our zoom account yesterday.
At roughly 10:30am PST we were presenting a google slide via an external monitor. A black box appeared over the google slide but did not affect the sharing of the slide to our congregation. https://t.co/QGy4h7gOtK
— Adam Evers (@adamevers) April 20, 2020
But yet the attacker overrode these settings and was able to display child pornography to our church of 60+ congregants. We churches is home to families, children and survivors of sexual assault. These images traumatizes an entire community. @zoom_us has STILL not responded.
— Adam Evers (@adamevers) April 20, 2020
Last week, the South African Minister for Women, Youth, and Persons with Disabilities hosted a public webinar using Zoom which ended up being hijacked with pornography. The webinar was supposed to educate people on the impacts of COVID-19 on vulnerable and at-risk members of society.
On April 4th, 2020, hackers yelled racist slurs and displayed a Nazi flag and X-rated images during California’s Valley Transportation Authority Board of Directors’ Zoom meeting.
Another targeted meeting was a legal educational seminar, which was held on Tuesday and attended virtually by 40 participants. This meeting was interrupted after only 20 minutes, and “distressing” images of child abuse were displayed.
The virtual meeting organized by Open Rights Group was also one of the recent targets of hackers, and they were “appalled” to have become targeted with such explicit images of child abuse. The group has notified law enforcement authorities regarding the incident.
On April 16, 2020, a Zoom video conference between Indonesian ICT experts was also hijacked with a porn video.
The National Crime Agency (NCA) in the United Kingdom, however, has now taken matters into its own hands and has collaborated with public and private sector organizations as well as law enforcement across the UK and abroad to address the issue.
“Child sexual abuse remains a priority threat for the NCA. We are continuing to pursue high-risk online offenders to ensure they are arrested and children are safeguarded,” an NCA spokesperson told Standard.
If you are a Zoom user, follow the precautions below to protect yourself from hackers.
1- Enforce complex Zoom meeting passwords by default for all users.
2- Credential stuffing is a known issue in the industry, and the Zoom application is one of the hackers’ targets.
3- Users (and average consumers) are advised not to re-use their passwords on other apps and websites, and to monitor for potential data breaches via services such as HaveIbeenPwned and AmIbreached.com.
4- Implement multi-factor authentication where possible.
5- Organizations are encouraged to consider a data breach monitoring solution to reduce their exposure window and mitigate the risks.