Hackers hijack Singapore home-based lessons on Zoom to allegedly show obscene photos to children

SINGAPORE - What was supposed to be a home-based geography lesson on video conferencing platform Zoom for Secondary 1 student Zee, 13, took a traumatising turn when hackers allegedly hijacked the stream and started showing pictures of penises.

These hackers, who Zee said were two Caucasian men, then allegedly told the girls from her class of 39 students who were watching to "show us your boobs".

Her civil servant mother, who wanted to be known only as Miss Loh, 47, told The Straits Times on Thursday (April 9) that she was horrified at what had happened.

She then informed the teacher of her daughter's school, which is in the eastern side of Singapore.

"When she is surfing the Internet, she does not encounter such things. Home-based learning is supposed to be a safe space, but now our children have to be exposed to such things?"

"I know it's difficult to manage but as a parent I feel very concerned," she said.

Zee's experience is not a unique one, as reports continue to pop up all around the world about cyber security incidents relating to Zoom.

The platform has been enjoying success due to the disruptions imposed by Covid-19.

With most people working from home and students doing home-based learning, Zoom has been the choice video conferencing tool for many workplaces and schools, given its ease of use and the fact that it is free.

Even the Government here uses it to hold some of its press conferences.

It is now more popular than the offerings from tech giants such as Microsoft's Skype and Google's Hangouts.

Zoom, which first came on the scene in 2013, said it reached 200 million daily users in March, far higher than the maximum 10 million daily users it had last December.

[[nid:483720]]

But in the past few months, reports of uninvited people crashing Zoom meetings, on what has come to be known as Zoombombing, has been increasing.

This was possible because of Zoom's initially lax security features, which include how not all of its meetings required a password to join in and how it did not offer end-to-end encryption for its calls.

Officials at Berkeley High School in California said they suspended Zoom after a "naked adult male using racial slurs" intruded on what the school said was a password-protected meeting on Zoom, according to a letter to parents seen by Reuters.

The Federal Bureau of Investigation (FBI) in the United States said that last month in Massachusetts, while a teacher was conducting a class through Zoom, a person dialed in, shouted a profanity and then the teacher's home address in the middle of the instructions, the FBI said.

Countries such as Taiwan, Germany and Malaysia have already put restrictions on the use of Zoom, as have schools in the US.

On Wednesday, it was reported that the company is facing a class-action lawsuit by one of its shareholders, who alleged that the company failed to disclose issues with its video conferencing platform's privacy and security.

Replying to queries from ST, a Zoom spokesman said the company has changed some default settings for education users, and is adding passwords for its free basic users.

Such a feature was previously not enabled.

[[nid:484060]]

"We have been deeply upset by increasing reports of harassment on our platform and strongly condemn such behaviour. We are listening to our community of users to help us evolve our approach and help our users guard against these attacks," he said.

Zoom's CEO, Mr Eric Yuan, has apologised for his platform's security flaws, admitting in a blog post last week that "we have fallen short of the community's - and our own - privacy and security expectations".

Mr Bryan Tan, a lawyer from Pinsent Masons MPillay specialising in technology law and data protection, said that Zoom actually has a lot of security protection settings but users are not aware of them or are not inclined to use them.

"Could Zoom have done better here? Sure, in terms of education and perhaps default settings, it could do more."

"Users can also take steps to protect themselves by using these tools that have been made available."

When asked why the Government is still using Zoom for some of its meetings, which include briefings with the press, a spokesman for the Smart Nation and Digital Government Office (SNDGO) said that the Public Sector has implemented telecommuting to reduce the level of person-to-person contact, which will include using a "variety of tools".

"For remote communication and collaboration, government agencies use secure channels to conduct meetings and discussions internal to the public sector," said the spokesman.

[[nid:483908]]

"To facilitate communication with external parties on non-sensitive matters, government agencies use a variety of tools including Zoom, for the convenience of these parties."

Experts such as Mr Stas Protassov, president and co-founder of cyber security company Acronis, advised that to prevent Zoombombing, users should familiarise themselves with its security features and update the app, as the company has been installing security features.

He said: "Educate yourself on the available security feature and make sure you are using a fully updated version of Zoom.

"Those measures, if implemented by the meeting organisers, will make participants protected from 'Zoombombing' and other risks."

ST has reached out to the Ministry of Education for comment.

For the latest updates on the coronavirus, visit here.

This article was first published in The Straits Times. Permission required for reproduction.