Concerns raised after lewd materials posted by uninvited guests.

A screenshot shows choir members rehearsing online using the Zoom platform in Riga, Latvia, on April 14. [Reuters]

Education institutions have been forced to rethink how to teach their students after the most popular online platforms were targeted by hackers who introduced inappropriate content.

While some schools have continued with the online lessons, others have pulled the plug after uninvited users gained access to the virtual classrooms and streamed pornography.

Video teleconferencing platforms such as Zoom have become essential to staying connected in the wake of the coronavirus crisis, but as the platform’s popularity has increased so have cases of hackers disrupting meetings, now called Zoom-bombing.

One way this is made possible is through the sale or sharing of illegally obtained passwords on social media platforms such as Twitter.

Braeburn School became the latest institution to fall victim to a security breach, forcing it to suspend use of Zoom and Google Meets just three days after it had started remote learning.

“The breaches took place on the Zoom platform and from today, the use of Zoom will be temporarily suspended,” said the school’s secondary head teacher David Dunn.

In an email to parents earlier in the week, the school said, “We have identified a pattern and, unfortunately, a minority of our students have been sharing confidential links with people outside the school.”

St Austin’s Academy in Lavington, which had a similar incident, said the breach was caused by “inconsistent settings” on the platform and that it had made the necessary adjustments.

This after parents complained that Zoom had been infiltrated by hackers who posted pornographic material that disrupted the classes.

“Inappropriate information was shared, which, of course, cannot be condoned and has caused a lot of anxiety... To mitigate any further interference, we have had all settings standardised by the administrator,” school principal Simba Song’e told parents on Tuesday.

Disruption

The uninvited access and disruptions have also been a problem for institutions of higher learning such as the University of Nairobi and Strathmore University, with both reporting incidents, as well as professional associations.

On April 16, members of the Institution of Engineers of Kenya had hoped to have a meeting on Zoom but the session was hijacked and they were bombarded with pornography.

These are not isolated cases and cyber security experts across the world have raised concerns over Zoom’s privacy weaknesses.

Tyrus Kamau, a cyber security consultant in Nairobi, has twice been a victim of breach of privacy on the platform.

Mr Kamau described one of the breaches as ‘ironic’ because he was in a virtual meeting to discuss cyber security in Africa when the session was disrupted.

But while some of the breaches have merely been disruptive, hackers have stepped up their game and are now attempting to steal users’ information.

“The second case was more complicated because the users were sharing files using Zoom’s file sharing service. This led to someone who was not part of the meeting to share a malicious PDF file that, once clicked, exposed users to hackers on the internet,” Kamau said.

The file, he said, planted a key-logger that recorded all the keystrokes on a victim’s computer. “This is very dangerous especially if you do online banking because all your details will be captured.”

According to Kamau, the security flaws are a result of a surge in internet traffic and Zoom relegating user and data security given their low numbers.

From a relatively unknown application before Covid-19 forced the world to adapt to working from home, Zoom has become ubiquitous with working during the pandemic.

10 million

By the end of December last year, the maximum number of daily meeting participants, both free and paid, on Zoom was approximately 10 million, the company said.

In March, that number had increased 20-fold and the platform was reaching more than 200 million participants. 

“Zoom was relatively unknown before this pandemic. With the surge in users, many people are now hunting for vulnerabilities within the app. Also, they never considered security to be a big deal given their small user base as compared to big players such as Microsoft Teams or Cisco Webex,” Kamau said.

But not all the blame can be placed on Zoom, the cyber security expert said, adding that users are advised to practise ‘cyber hygiene’ and caution.

“Set up a one-time password and share it with your users privately. Do not broadcast the meeting ID and, if you must, restrict what people can do with the meeting like file sharing and screen sharing.”

Business
Premium Financial hardships dampen Easter celebrations among Kenyans
Business
Premium Water PS Korir put on the spot over Sh14m dam land
Business
Premium Looming crisis as top lenders stare at Sh500b in bad loans
Business
Premium Ruto's food security hopes facing storm amid fake fertiliser scam