(Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

The FBI is warning the public to watch out for hijackers trying to infiltrate their Zoom video sessions

“The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the agency issued in a notice on Monday.

The coronavirus pandemic has helped make the video conferencing service one of the most popular apps in the country. Unfortunately, that same popularity has also turned Zoom into a target for racists and pranksters, which can be especially problematic for educators reliant on the service.

In today’s warning, the FBI’s Boston field office recounts two hijacking incidents involving local schools that were using Zoom to conduct online classes. “In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction,” the FBI said.

In the second incident, the culprit infiltrated the Zoom session to display Swastika tattoos on his body. The hijackings, also known as “Zoom-bombings,” are starting to emerge as a nationwide threat, the FBI adds.

Other countries are witnessing hijacking attempts as well. Earlier this month, a school in Oslo, Norway, reportedly had to shut down online video lessons after a naked man infiltrated a session attended by 9-year-old students.

The hijacking attempts can occur because users of the video conferencing services are holding the meetings on public channels, which are then shared over the internet via URLs, making them accessible to anyone. In other cases, the hijackers can sometimes guess the right URL or meeting ID for a public Zoom session, giving them access to the feed.

So to stay safe, the FBI is encouraging Zoom users, especially at schools, to make their video conferencing sessions private. “In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests,” the agency said. “Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.”

In a statement, Zoom also said: "For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen." This will prevent unwanted hijackers from taking over the main video feed on a public session.

"For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We encourage users to report any incidents of this kind directly to https://support.zoom.us/hc/en-us/requests/new so we can take appropriate action," the company added.

For more tips on using Zoom and its waiting room feature, you can check out our guide.

Editor's Note: This story has been updated with comment from Zoom.

Further Reading

Security Reviews