Trolls Exploit Zoom Privacy Settings During COVID-19 Lockdown

Working and socialising from home has brought new risks to everyday life, as webcam meetings and chatroom cocktail hours contend with privacy invasions, phishing attacks and “zoombombings” – uninvited guests abusing the popular video service to broadcast shocking imagery to all.

Public Zoom hangouts have become a popular way to spend time for isolated remote workers, who are joining calls with names such as “WFH Happy Hour” to spend time in the company of others.

But the default settings of the service are configured in the expectation of trust between participants, meaning trolls can wreak havoc. Some zoombombers have used the screensharing feature to broadcast pornography and violent imagery. Others have revelled in the opportunity for exhibitionism, while security experts have said the file transfer feature that is switched on by default could be used to spread malware.

During one WFH Happy Hour last week, for instance, a troll joined the group and, using the screensharing feature, aired a pornographic clip to the call’s 40 participants. Because the call was public – so that anyone wanting some company in the evening could swing by, replicating a welcoming pub – the anonymous user simply rejoined and continued to broadcast, eventually forcing the hosts, Hunter Walk and Casey Newton, to close the event.

Newton, a journalist, told TechCrunch shortly afterwards: “I want to apologise to all our attendees — including my parents, Jim and Sally, who joined WFHappyHour today for the first time. Today we all learned an important lesson about disabling screen-sharing and saw once again the importance of good content moderation.”

Other zoombombing instances have been more malicious. Ruha and Shawn Benjamin told NBC News of their experience when a racist troll – wearing nothing but a thong – gatecrashed their reading session for children stuck at home and began repeating the N-word multiple times. “Then we knew it was a malicious, targeted thing. My husband and I are both African American,” Ruha Benjamin said.

Other aspects of the service have also come under criticism. One Zoom feature allows hosts to tell if guests are looking at a window other than the Zoom chat – perfect for bosses who want to ensure their employees are paying attention, but an unexpected invasion of privacy for many. On Thursday, Vice News reported that the service’s iOS app was sending some analytics data to Facebook, even if users did not have a Facebook account.

The company said in a statement: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only the host can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We also encourage users to report any incidents of this kind directly to our support so we can take appropriate action.”

In a blogpost addressing the rise in zoombombings, the company said: “Like most other public forums, it’s possible to have a person (who may or may not be invited) disrupt an event that’s meant to bring people together.” It offered a list of tips on how to prevent them, such as not posting links on public social media when possible.

Colin Tankard, the managing director of Digital Pathways, a cybersecurity company, said the technical security of Zoom was strong and protected callers against eavesdropping. He said: “The security risks using such services hinge more around how secure your password is in gaining access to your conference dashboard, as if weak passwords are used, a hacker could copy the meeting ID and then connect during the call hiding their identity or appearing as a valid caller.”

But none of the concerns have hurt the fortunes of Zoom Video, the company behind the software. It has become so popular in the last two weeks that on Thursday the US Securities and Exchange Commission suspended trading in stocks in Zoom Technologies, an unrelated company but one with the stock market ticker ZOOM. Zoom Video’s ticker is actually ZM.

That same day an app called Zoom became the third most popular paid app on Apple’s App Store. That Zoom is a £3.99 magnifying glass app. The chat service Zoom is free.
