Anyone Used Zoom? Problems?

[mosaix]

Last night, as part of her Continued Professional Development, Mrs Mosaix was involved in her weekly Zoom meeting with other members of her professional body.

Towards the end of the meeting a graphic child-abuse video, involving a male and young girl, was displayed across the screen. The meeting was quickly abandoned.

Two questions:

1) How is this possible? The link to the meeting was distributed to members only and was password protected.

2) Why? Just what is the point? To shock? Mrs Mosaix is, understandably, somewhat traumatized and has had a bad night's sleep. She's never seen anything like it before and is now reticent about being involved in future meetings.

There's some scum out there.

 

[The Judge]

The Judicial Helpmeet has used Zoom 3 or 4 times and *touch wood* hasn't had any problems yet. As you say, the link is given only to members and there's a password, but if the information is sent by email, then perhaps that might be a way in for hackers if they've previously got hold of someone's email details? (Techno-idiot here, so no idea what can and can't be done.)

And yes, the enjoyment of shocking people is undoubtedly part of it, or doing it just because it can be done.

I trust it's been reported to the police? If anyone in the meeting took screen shots to give the police evidence, though, they must be removed immediately, as it's an offence for anyone to retain them, even mistakenly. (In fact, I've seen it argued that even taking them for evidence is a possible offence.)

Do pass on my sympathy to Mrs M. I can well imagine it's soul-destroying.

 

[The Big Peat]

Well, that's just disgusting, and my deepest sympathies to your wife.

But yes, there have been problems with Zoom. I believe there was one semi-famous case with a governmental body of some sort early on, and one of my wife's friends has had a similar if far less scarring problem. It happens.

I suspect they probably don't need the link and password. I'm guessing - and this is pure guesswork - that a hacker looking solely to shock at random will simply enter likely urls until they hit something that matches (point in case - thread 12345 here is 4:11 Point of No Return; zoom urls might be more complicated, but enter enough numbers/letters and you'll get something). Password - either common guesses or brute force cryptology.

I believe that Zoom can be set up so that people can only join the meeting when let in by the Admin, who is notified of people who've entered the password and want to join. If the admin sees a request from someone they don't recognise, they don't let them in. That seems to me the only way to be sure of preventing reoccurrences of such behaviour. And if Zoom doesn't do that, I'm fairly sure there's others that do.

 

[The Judge]

I forgot to add in my post, that do ensure a complaint is made to Zoom so the company knows what happened. It's already facing legal action in the US, so the more pressure is put on it here, the better for security purposes.

US church sues after bible study 'Zoombombed' by child abuse

A hacker took over worshippers' computers and played 'sickening' images of child abuse, the suit says.

www.bbc.co.uk

 

[Elckerlyc]

Zoom has a bit of ill repute here in The Netherlands. There have been several occurrences such as described by @mosaix. Including at an online city hall meeting and church services. Zoom is not save to use, also when it comes to protecting your privacy.
My advice would be to look for alternatives.

 

[AlexH]

I'm really sorry to hear this. I hope whatever sick, vile person that shared this (never mind the scum involved in the video) are somehow found and punished - a punishment that would never be strong enough.

Zoom is well know for its security issues. I've avoided installing it on my computer, but it is on my work laptop. I've avoided Zoom meetings because of these issues, but now I feel I should let everyone I know using it about this incident.

I recommend using Skype instead. Only one person needs an account. They can set up a group call, and people just need to click the link, where the option to join within the web browser is shown. Anyone, let me know if I can help. People I know have avoided using Skype because Zoom is the popular thing, and many of them are using this sort of technology for the first time, making things even more difficult.

I don't know if Skype is foolproof, but they are owned by Microsoft, and Skype has been around for a looooong time. Zoom, as a company, haven't been able to cope with the increase in demand.

 

[-K2-]

Because of these sorts of problems, Microsoft made available their 'Teams' software which is supposedly much more secure and less prone to user issues (not setting up security well). Here is a recent comparison:

Zoom vs. Microsoft Teams: Which video chat app to use during quarantine

The coronavirus pandemic has many people working from home and connecting with family, friends and coworkers through video chat. Here are two options for staying in touch.

www.cnet.com

K2

 

[Astro Pen]

I would not use it for anything professionally critical or private.
There are adages to consider:

If you are not paying you are not the customer.
The internet is for ever.
The NSA have it all*
''People'' don't read your stuff, AI text, speech and face recognition does. and it is very, very fast.

*If you think the NSA is a few officers listening in on calls and taking screen grabs I have news.
(and this article was seven Moores law years old,)

The NSA Data: Where Does It Go?

Massive data centers can store the equivalent of 250 billion DVDs. What might that look like?

www.nationalgeographic.com

 

[mosaix]

Update. The professional body reported the incident immediately and interviews with the police took several hours. Glad it’s being taken seriously.

 

[Jo Zebedee]

Update. The professional body reported the incident immediately and interviews with the police took several hours. Glad it’s being taken seriously.

So sorry to hear this happened

 

[Cydramech]

That really sucks. Been hearing similar stuff happening recently in regards to Zoom, but not entirely surprised it may be spiking - the more any piece of software gets used, the more demand there is to design hacks and malware to get past its security system, and if there is no security system in place, it's easy enough that anyone can abuse it.

Needless to say, it sounds to me like Zoom (or whoever owns it) needs to step up (and users too), and so does any other company that plans to offer similar software. (I don't know if they do it or not, but I'd enable 2FA and allow the creator/owner of the conference meeting to enforce 2FA for all members like what can be done on Discord for anyone with an administration role - I certainly will not allow anyone to moderate a server I administer on Discord without 2FA. That would go a long way, even though it wouldn't be the end of fighting such malicious attacks.)

 

[AlexH]

Does anyone know if disabling screen sharing can prevent these hacks? Zoom security: Your meetings will be safe and secure if you do these 10 things | ZDNet

I don't think any software is foolproof, but I trust Microsoft (I never thought I'd say that) more under the current circumstances, so think Skype and Teams are probably safer, though that's partly down to the fact that Zoom is likely being targeted more.

 

[Elckerlyc]

...but I trust Microsoft (I never thought I'd say that) more under the current circumstances...

 

[Cydramech]

Does anyone know if disabling screen sharing can prevent these hacks? Zoom security: Your meetings will be safe and secure if you do these 10 things | ZDNet

I don't think any software is foolproof, but I trust Microsoft (I never thought I'd say that) more under the current circumstances, so think Skype and Teams are probably safer, though that's partly down to the fact that Zoom is likely being targeted more.

Skype is almost certainly safer only due to fewer people using it in recent years, but it's also not that big of a security concern for reasons most believe.

Skype was released in 2003, becoming popular due to being better than all of the alternatives over the next few years, but most importantly it was better than MSN Messenger. Who acquired Skype in 2011? Microsoft, of course; the same one that created the dreadful MSN Messenger. That was the point of no return, with many users deciding to quit using Skype. Then if that's not bad enough, 4 years later, Discord was released. Hailed as a communications platform for gamers and by gamers, its popularity skyrocketed overnight, leaving Skype in the dust even more. Finally, the coffin was sealed in 2018 when news of a major security flaw was published, which even if MS did patch it later, the damage was still done.

Skype is a major security concern due to the fact that it probably has one of the highest numbers of compromised accounts anywhere online, due to the number of abandoned accounts (if an account password is never changed, it'll inevitably get hacked). If you're still on Skype, chances are that more than half your contact list are malware-infested bots; if you quit Skype, never having linked it to your MS account, chances are your password was changed and you'll never get access back on your original account, and someone out there is tarnishing your user account with malware.

(I, myself, still have my original Skype account since I merged it with my MS/Messenger account, and I only had MSN Messenger back then due to guild requirements, and I don't use Skype anymore except to hold out hope that a few people contact me one day.)

 

[hitmouse]

I use Skype for Business ( not the same as Skype), and Teams at work, several times a day. Use Zoom at home for family and friend meetings a number of times each week. Previously used Skype a lot. Tbh there is not much to choose between the interfaces. Not had a problem with zoom, but each meeting is prescheduled with a unique ID and password, and only the host can admit. I wasnt aware that it could be used any other way.