'Zoombombed', Singapore halts use of Zoom videoconferencing for education

Hackers 'zoombomb' video calls mainly because users tend to hold public meetings out of convenience, instead of password protected ones

Update: 2020-04-10 13:04 GMT
In this picture taken on March 30, 2020, YogaUP founder Chaukei Ngai greets her students as they appear on her laptop screen via the Zoom online video conferencing platform, at the start of a live streamed yoga class at her studio in Discovery Bay, on the outlying Lantau Island in Hong Kong. (Photo | AFP)

Hong Kong: Singapore has suspended the use of Zoom for online education after hackers hijacked a lesson and showed obscene images to students.

In what is known as "Zoombombing," two hackers interrupted a geography lesson a day after Singapore closed schools on Wednesday in partial lockdown measures to help curb local transmissions of the coronavirus.

Lessons have moved online, with some teachers using video conferencing tools like Zoom.

Singapore's Ministry of Education said it was investigating the "serious incidents" and may file police reports.

"We are already working with Zoom to enhance its security settings and make these security measures clear and easy to follow," said Aaron Loh, director of the ministry's Educational Technology Division.

"As a precautionary measure, our teachers will suspend their use of Zoom until these security issues are ironed out," Loh said.

Singapore is not the only country to be affected by the teleconferencing disruptions. The FBI issued a warning on March 30 advising users to avoid making Zoom meetings public after it received multiple reports of teleconferences and online classrooms being disrupted by hackers displaying hate messages or shouting profanities.

Part of the "Zoombombing" problem occurs because users tend to create public meetings out of convenience. That allows anyone to join a meeting as long as they have a link for it, according to Michael Gazeley, managing director and co-founder of cybersecurity firm Network Box.

"Details of conferences are often given out in a public manner, because organizers want as many attendees as possible," said Gazeley.

"With Zoom, it was possible to set up meetings without passwords, so of course many people did just that. Whenever humans are given a choice between convenience and security, convenience almost always wins," he said.

Zoom implemented stronger security measures last week, such as enabling passwords and virtual waiting rooms for users.

"We have been deeply upset by increasing reports of harassment on our platform and strongly condemn such behavior," a Zoom company spokesperson said in an emailed statement. "We are listening to our community of users to help us evolve our approach and help our users guard against these attacks."

Security researchers previously found software vulnerabilities in Zoom, particularly for Mac users, where hackers could take over a user's webcam feed. Zoom has since fixed the issue.

Tags:    

Similar News