Connecticut Attorney General William Tong said he was attending a conference this week with state Lt. Gov. Susan Bysiewicz via the video conferencing app Zoom when hackers inundated the meeting with “hundreds of profane and racist comments.”
It’s a sign of the need to evaluate the California-based online platform’s online security and privacy, Tong said.
It’s an important issue as COVID-19 precautions have forced lawyers throughout the country to work remotely, making Zoom increasingly popular among attorneys and judges.
In New York, Attorney General Letitia James said the state is monitoring Zoom’s data and privacy practices amid the app’s growing popularity.
And across the nation, breeches could be far-reaching.
Use the ‘waiting room’ feature
In Texas alone, for instance, about 3,000 judges use Zoom to conduct business in place of in-person court activities, according to Judge Roy Ferguson of the 394th Judicial District.
The many Zoom troll groups out there are among the concerns for Ferguson, who oversees five counties covering about 20,000 square miles.
“They are attacking Zoom meetings nationwide,” the judge said. “I have, though, not heard of any cases in Texas because we have activated the ‘waiting room’ feature so no one can pop in.”
The judge relied on the feature to ensure public access to criminal felony proceedings, probation status updates and a COVID-19 emergency hearing. But he also used it to ward off malicious transmissions.
“If you publicize your meeting code, the trolls will attend your meeting and will attack the meeting,” Ferguson said. “If you don’t have the waiting room feature on, which not everyone does although we do in Texas, trolls will enter the room and flood it with inappropriate materials like porn, or just kill the meeting. They can also send infected files to all the participants through various features, and try to hack participating computers.”
Generate new codes for each meeting
Lawyers advise users to take steps to ensure their own security.
“I think people were expecting too much from Zoom,” said attorney David Conrad, a principal of the Dallas, Texas, offices of nationwide firm Fish & Richardson, which ranks 84th on Am Law 200.
Conrad’s practice involves a wide range of technological issues involving e-commerce, website systems and computer software.
“Many people don’t think about security, and about whether their conversations are secure. They need to realize that it’s just like any other videoconference platform, and there are limitations on how secure those systems are.”
Conrad said Zoom has been pro-active in getting some of the kinks out and addressing certain vulnerabilities. But he said the users should still work to make their Zoom meeting as secure as possible by deciding which callers to allow into each meeting.
“Even if the meeting’s ID and password get out, the host still has control,” he said.
To help avoid hackers and trolls, Ferguson and other judges generate new meeting codes for every hearing.
Fred Scholl, professor and director of the cybersecurity program at Quinnipiac University in Connecticut, advises constant vigilance.
“You should update your Zoom application on almost a daily basis,” Scholl said. “You need to keep up with technology. And it’s changing everyday. Zoom might ask if you want new updates because there are new versions available. Take the time to say yes.”
Control screen shares
Other features protect users by limiting what participants can display.
“You can prevent people from screensharing via the meeting, unless you authorize them,” Scholl said.
Beware of fake tech support
“There are many tech-support scams out there,” Scholl said. “Now that millions of people are using Zoom, there are trolls setting up fake websites for tech support in Zoom. There are also phone scams, and you can expect more scams. It’s so easy to set up a fake website. There is only one real website for Zoom tech support, and that’s at zoom.us.”
In Connecticut on Friday, Tong put out an advisory encouraging everyone to practice safer videoconferencing that includes ensuring the video conference software is up-to-date and that the conferences are private “either by requiring a password for entry or controlling guest access through a virtual waiting room.”