When any technology sees its popularity increase quickly, the number of bad actors taking advantage of new and untrained users also grows. The world is seeing this now with videoconferencing services and applications, as reports about the popular Zoom app being hijacked — known as “Zoom-bombing” — have surfaced.

With multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language, the FBI’s Boston office recently issued a warning for users of videoconferencing platforms about the incidents. Security expert and investigative journalist Brian Krebs provided details on Zoom’s password problems and how hackers were able to use “war dialing” methods to discover meeting IDs and passwords for Zoom meetings.

While hijacked meetings are disruptive and disturbing for participants, a more insidious threat is intruders who lurk in meetings without revealing their presence — a nightmare for corporate security and individual privacy alike.

Another nightmare: thousands of private recordings of Zoom meetings have been discovered on the open web, according to The Washington Post. Zoom told The Verge that its own servers had not been breached and that the videos had likely been uploaded by users to other cloud storage services. But they were easily found through search because they used the company’s default naming convention for recordings.

Locking down meetings

The good news is that many videoconferencing products include security settings that can prevent such incidents. The bad news is that it’s often left to users with no security training to configure these settings.

We’re here to help. As part of its advisory, the FBI offered safety tips for companies, schools and individuals using videoconferencing services. After speaking with other security experts, we’ve expanded on those ideas to create this list of web meeting security do’s and don’ts.

Source link


Please enter your comment!
Please enter your name here