A Zoom-bombing attack hit a U.S. government meeting that was held despite clear recommendations from the FBI not to use the software.

Zoom has been struggling with this security issue for a long time, and it seems to be a bigger problem for the company than any other vulnerability. To be fair, Zoom implemented a number of new security measures in the past few weeks, but it’s difficult to protect people against their own carelessness.

The FBI issued a stark warning a few weeks ago regarding the use of Zoom and the dangers of Zoom-bombing, followed by advice to avoid using the platform for government affairs. Since it’s not a hard rule, some people continue using it, and a Zoom-bombing incident occurred during a U.S. government meeting.

The incident wasn’t made public at the time, but it was entered into the public record when Representative Jim Jordan (R-Ohio) sent a letter to Carolyn Maloney (R-NY), chairwoman for the Committee on Oversight and Reform.

“In spite of the warnings by the FBI and media outlets, on April 3, 2020, you held a Zoom-hosted Member briefing on women’s rights in Afghanistan with the Special Inspector General for Afghanistan Reconstruction (SIGAR),” wrote Jim Jordan. “During this important briefing, the session was ‘Zoom-bombed’ at least three times. The impact of hacking and malware on Member and staff devices is still being determined.”

No details of the attack were given but, depending on the level of openness of the Zoom conference, attackers could even share images, download presentations, or simply shout offensive words. The purpose of the letter was to prompt government officials to stop using Zoom, at least until the proper authorities vet it.

Information about a potential zero-day vulnerability offered for sale has been circulating for at least a week, although it has yet to be confirmed by Zoom. Furthermore, Zoom credentials are already selling on the black market, and that’s yet another possible attack vector.