Michigan attorney general warns of video conferences being 'hijacked'

AG Dana Nessel
Posted at 3:22 PM, Apr 02, 2020
and last updated 2020-04-02 15:41:54-04

LANSING, Mich. — Michigan Attorney General Dana Nessel is warning residents that their video conferences can be "hijacked" through cybersecurity breaches.

The hacks into video conferences come as more businesses, schools and others use video to communicate remotely amid the coronavirus outbreak, according to the attorney general's office today.

“We were alerted to this problem by a Michigan reporter who participated in a Zoom conference that was hijacked,” Nessel said.

“Since then, we have learned of other incidents around the country. There are steps people can take to protect their cybersecurity, and we encourage all users to follow the proper procedures to ensure their teleconferences are secure.”

The attorney general's office said the FBI has received reports of Zoom video conferences being "disrupted by pornographic and/or hate images and threatening language."

Schools using the technology have also reported "interruptions" in their sessions.

In Michigan, the hacks could result in "criminal charges under several statutes."

The FBI recommends the following steps — including the host preventing screen sharing — to mitigate "hijacking threats.":

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screen-sharing options. In Zoom, change screen sharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Ensure that your organization’s telework policy or guide addresses requirements for physical and information security.