Video conference security warning
A rapid rise in the use of video conferencing platforms is attracting unwanted attention.
Users of video conferencing services have been warned about the potential for security and privacy breaches.
The large section of Australia’s workforce now working from home because of the coronavirus (COVID-19) pandemic has seen a spike in the use of online video conferencing platforms.
Queensland University of Technology (QUT) School of Computer Science Senior Lecturer Dr Leonie Simpson said there had been questions raised around the privacy and security of some of those platforms, including the highly popular Zoom.
She said some businesses had banned the use of the platform which the Los Angeles Times reported, went from 10 million to 200 million users between December and March this year.
“The change from working in the workplace to working at home happened really quickly so a lot of people said, ‘let’s get something that is really easy’,” Dr Simpson said.
“Zoom is easy to use but there are some concerns around it.”
Dr Simpson (pictured) said it was important businesses and individuals took steps to protect their privacy and security when conducting meetings.
“Check the meeting security settings - limit who can join in and stop anyone but the host from screen-sharing, to avoid some of the issues, such as Zoombombing,” Dr Simpson said.
“Avoid sharing links to the meeting through social media and do not share any confidential information this way.”
“Zoombombers” are uninvited people who randomly join meetings.
“It is easy to join a meeting,” Dr Simpson said.
“You just need to put in a code, which is nine numbers or so, and people have been guessing codes, putting in numbers and suddenly appearing in meetings.
“If you have a meeting with quite a lot of participants there could be someone in the meeting who should not be there.
“You need to consider what is being discussed at the meeting and whether that would be problematic if it’s quite confidential.”
Zoom has responded to concerns about uninvited guests joining meetings and has posted guidelines to prevent it from happening. The company also reacted to concerns about the level of encryption the platform used in a blog post.
Cybersecurity Researcher at the University of New South Wales Business School Dr Yenni Tim also warned users of video conferencing platforms about the potential to fall victim to phishing attacks by cyber criminals.
“While the world is grinding to a halt, cyber attacks are on the rise, preying on public fear and anxiety,” Dr Tim said.
Between 10 and 26 March, the Australian Cyber Security Centre (ACSC) received more than 45 cybercrime and cyber security incident reports which were all linked to COVID-19 themed scams and phishing activity.
“As more people start using online communication platforms, such as Zoom or Teams, opportunistic and malicious actors will be very quick in setting up phishing attacks,” Dr Tim said.
“They send Zoom look-alike emails embedded with malware or bring people to malicious websites with the word ‘Zoom’ in them to trick them into providing data or download malicious files.”
The ACSC reported many phishing emails contained links to fake websites that automatically installed viruses on the user’s devices once opened. This gave cyber criminals the ability to steal the user’s financial and personal information.