NewsCoronavirus

Actions

New warnings issued about security of Zoom meetings

Posted at 6:18 PM, Apr 01, 2020
and last updated 2020-04-01 18:18:11-04

As the coronavirus began taking hold of American communities, many people began working from home. To maintain that person-to-person contact, workers are turning to Zoom for business meetings and students of every age are using Zoom for at-home class lessons.

While video conferencing is surging in use, so are the number of cyber criminals causing disruptions.

"It's very easy to get into an open meeting if its not secured properly," said Scott Schober, aa cybersecurity expert and the author of "Hacked Again" and "Cybersecurity is Everybody's Business."

"Cyber criminals are causing mischief, they're cursing, they're putting up pornographic pictures, they're creating disruption, it's just havoc," Schober said.

When they get in to a meeting, it's called "zoom bombing." In recent weeks, social media has lit up with people reporting they've been hit. It's become such a problem, the FBI sent out a warning.

Creating a zoom account, begins with the user being assigned a "PMI."

Schober said it's a 10-digit personal meeting ID number that's associated with the zoom link.

"The problem is once that link gets out, there the bad guys either gets it or they get a copy of it and they put it up in their browser and if they're there at the right time they can easily join the meeting," Schober said.

Schober offers these tips:

  • Use a password to lock the meeting - this is a physical password that you control as a host.
  • Assign a host - The host will start the meeting and he or she can see every person who joins.
  • Know the number of participants - when that number is reached, lock the meeting so no one else can join.
  • Prevent participants from sharing their screen
  • Don't use your PMI - instead, create a unique link for each meetingSet up a meeting room

"Setting up a meeting room is like two-factor authentication, another layer of security," said Schober. "Before the meeting starts, any body that joins will be automatically placed in this room and now as the host you can vet them and say yes that's John Smith, you're allowed in the meeting click and move them over to the room."

The Office of the New York State Attorney General told PIX11 they have sent a letter to Zoom, with questions in regards to the company taking appropriate steps to ensure users' privacy and security.

PIX11 reached out to Zoom. We received the following statements:

“Zoom takes its users’ privacy, security, and trust extremely seriously. During the COVID-19 pandemic, we are working around-the-clock to ensure that hospitals, universities, schools, and other businesses across the world can stay connected and operational. We appreciate the New York Attorney General’s engagement on these issues and are happy to provide her with the requested information.”

“We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to review their settings, confirm that only the host can share their screen, and utilize features like host mute controls and "Waiting Room" . For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We encourage users to report any incidents of this kind directly to https://support.zoom.us/hc/en-us/requests/new so we can take appropriate action.”