視頻會(huì)議不斷被黑客入侵,,如何防范“Zoom炸彈”,?
David Z. Morris
2020-04-07
自從冠狀病毒大流行開(kāi)始以來(lái),,隨著人們和企業(yè)越來(lái)越多地依賴視頻聊天,F(xiàn)BI波士頓辦公室本周稱,,“Zoom炸彈”事件正在美國(guó)各地蔓延,。Zoom是在疫情期間迅速走紅的視頻會(huì)議軟件,而“Zoom炸彈”專門(mén)針對(duì)Zoom,。它實(shí)際上是一種黑客行為,,而且已經(jīng)產(chǎn)生了令人不安的后果,。
比如在3月30日,不速之客攻擊了一次Zoom會(huì)議,,而諷刺的是,,這次會(huì)議的主題就是網(wǎng)絡(luò)攻擊。當(dāng)演講者開(kāi)始講述社交網(wǎng)站上有關(guān)冠狀病毒的不實(shí)信息時(shí),,一個(gè)黑客開(kāi)始在屏幕上亂涂亂畫(huà),,致使會(huì)議不得不提前結(jié)束。
諸如此類的Zoom黑客問(wèn)題在世界各地都在發(fā)生,,從互聯(lián)網(wǎng)上的匿名戒酒會(huì)到敏感的高層政府會(huì)議,,不一而足。下面就來(lái)介紹Zoom炸彈是如何發(fā)生的,,還有更重要的是如何防范,。
什么是Zoom炸彈?
眾多的Zoom炸彈事件已經(jīng)成了人們身邊的一種威脅,。黑客會(huì)溜進(jìn)正在進(jìn)行的Zoom會(huì)議,,通過(guò)說(shuō)臟話,叫喊帶有種族色彩的語(yǔ)言,,或在視頻圖像中添加令人反感的畫(huà)面來(lái)打擾會(huì)議參與者,,破壞視頻會(huì)議。
這樣的問(wèn)題使人們不禁要問(wèn),,使用Zoom是否還安全,?特別是在大型會(huì)議中,一個(gè)不速之客,,可能會(huì)在沒(méi)被注意的情況下記錄下會(huì)議內(nèi)容或收集相關(guān)信息,,進(jìn)而在一些特殊的情況下,讓這些成為間諜活動(dòng)或者敲詐勒索的方法,。
黑客如何進(jìn)入到他們本不應(yīng)該參加的Zoom會(huì)議中,?
大部分Zoom炸彈攻擊似乎并不是由Zoom的代碼缺陷造成的,而是由用戶的整體網(wǎng)絡(luò)安全狀況,,以及對(duì)Zoom不當(dāng)?shù)碾[私設(shè)置造成的,。
如果將Zoom會(huì)議設(shè)置為“公開(kāi)”狀態(tài),則任何有該會(huì)議正確鏈接的人都可以訪問(wèn)此次會(huì)議,。網(wǎng)絡(luò)安全公司Cybint的聯(lián)合創(chuàng)始人兼首席執(zhí)行官羅伊·祖表示,,黑客們只需在如Facebook這樣的社交媒體網(wǎng)站上搜索“ zoom.us”,即可找到這些地址,,這些網(wǎng)站經(jīng)常發(fā)布公開(kāi)會(huì)議的鏈接,。在Reddit等網(wǎng)站上也有專門(mén)的相關(guān)論壇,其中r / Zoombombing就是“Zoom課堂教學(xué)ID的專屬發(fā)布”。
如何防止在Zoom會(huì)議和視頻通話進(jìn)行時(shí)被騷擾,?
有多種重要而直接的方法可以保護(hù)你們的會(huì)議?!敦?cái)富》雜志向Zoom征求了答案,。Zoom建議閱讀詳細(xì)的用戶指南,其中包括了確保會(huì)議安全的注意事項(xiàng),。
其中,,最重要的一條是,Zoom用戶不應(yīng)公開(kāi)分享視頻會(huì)議鏈接,。這或許是最明顯有效的預(yù)防措施,。不要把會(huì)議鏈接發(fā)布到Facebook群或者會(huì)議的廣告推文中,而是通過(guò)電子郵件等更私密的方式來(lái)發(fā)布信息,。
其次,,把視頻會(huì)議設(shè)置為“私人”。目前Zoom已將所有新會(huì)議默認(rèn)設(shè)置為“私人”,,要求與會(huì)者提供密碼才能訪問(wèn),。但有些用戶為了圖方便,還是會(huì)經(jīng)常將會(huì)議設(shè)置為“公開(kāi)”,。鑒于當(dāng)下Zoom炸彈的嚴(yán)峻形勢(shì),,以不方便為代價(jià)來(lái)?yè)Q取安全還是值得的。
另外,,請(qǐng)勿使用個(gè)人會(huì)議ID,。每個(gè)Zoom注冊(cè)用戶都有一個(gè)私人會(huì)議ID,該ID實(shí)質(zhì)上是一個(gè)永久性虛擬會(huì)議室,。由于該ID不會(huì)更改,,因此公開(kāi)共享它會(huì)增加未來(lái)使用它的危險(xiǎn),導(dǎo)致以后進(jìn)行的會(huì)議遭到可能的黑客襲擊,。
為避免發(fā)生Zoom爆炸的風(fēng)險(xiǎn),,請(qǐng)僅與最信任的聯(lián)系人共享個(gè)人會(huì)議ID。通常,,Zoom會(huì)提示使用個(gè)人ID進(jìn)行“即時(shí)”會(huì)議,,而預(yù)定會(huì)議使用一次性會(huì)議ID,以此來(lái)降低風(fēng)險(xiǎn),。如果有人已經(jīng)與別人共享了個(gè)人會(huì)議ID,,且有安全方面的擔(dān)憂,羅伊·祖建議直接聯(lián)系Zoom,,更改ID,。
最后,限制視頻的共享,。如果會(huì)議主持人是唯一需要共享視頻的人,,例如在研討會(huì)或個(gè)人發(fā)言的情境下,,主持人應(yīng)將Zoom的屏幕共享設(shè)置更改為“僅限主持人”。 對(duì)于使用該軟件的K-12類,,Zoom已經(jīng)將此設(shè)置改為默認(rèn),。
使用Zoom安全嗎?
鑒于Zoom爆炸的蔓延,,有人可能會(huì)懷疑是Zoom軟件本身的問(wèn)題,。但羅伊·祖表示,Zoom通常在安全性方面表現(xiàn)很好,,大量Zoom爆炸事件最有可能是由于用戶不嚴(yán)格的使用習(xí)慣引起的,,而非軟件本身的漏洞。
但是作為一款非常流行的軟件,,Zoom天然就會(huì)承擔(dān)更高的風(fēng)險(xiǎn),。
“當(dāng)你看到某款軟件火了,黑客也會(huì)盯上它”,,祖說(shuō),。 同時(shí),反黑客和網(wǎng)絡(luò)安全組織,,包括政府背景的機(jī)構(gòu),,也會(huì)適時(shí)跟進(jìn)。他們將花費(fèi)更多的時(shí)間和精力,,來(lái)確保這些方興未艾的科技產(chǎn)品的安全,。(財(cái)富中文網(wǎng))
譯者:晨曦
自從冠狀病毒大流行開(kāi)始以來(lái),隨著人們和企業(yè)越來(lái)越多地依賴視頻聊天,,F(xiàn)BI波士頓辦公室本周稱,,“Zoom炸彈”事件正在美國(guó)各地蔓延。Zoom是在疫情期間迅速走紅的視頻會(huì)議軟件,,而“Zoom炸彈”專門(mén)針對(duì)Zoom,。它實(shí)際上是一種黑客行為,而且已經(jīng)產(chǎn)生了令人不安的后果,。
比如在3月30日,,不速之客攻擊了一次Zoom會(huì)議,而諷刺的是,,這次會(huì)議的主題就是網(wǎng)絡(luò)攻擊,。當(dāng)演講者開(kāi)始講述社交網(wǎng)站上有關(guān)冠狀病毒的不實(shí)信息時(shí),一個(gè)黑客開(kāi)始在屏幕上亂涂亂畫(huà),,致使會(huì)議不得不提前結(jié)束,。
諸如此類的Zoom黑客問(wèn)題在世界各地都在發(fā)生,從互聯(lián)網(wǎng)上的匿名戒酒會(huì)到敏感的高層政府會(huì)議,不一而足,。下面就來(lái)介紹Zoom炸彈是如何發(fā)生的,,還有更重要的是如何防范。
什么是Zoom炸彈,?
眾多的Zoom炸彈事件已經(jīng)成了人們身邊的一種威脅,。黑客會(huì)溜進(jìn)正在進(jìn)行的Zoom會(huì)議,通過(guò)說(shuō)臟話,,叫喊帶有種族色彩的語(yǔ)言,或在視頻圖像中添加令人反感的畫(huà)面來(lái)打擾會(huì)議參與者,,破壞視頻會(huì)議,。
這樣的問(wèn)題使人們不禁要問(wèn),使用Zoom是否還安全,?特別是在大型會(huì)議中,,一個(gè)不速之客,可能會(huì)在沒(méi)被注意的情況下記錄下會(huì)議內(nèi)容或收集相關(guān)信息,,進(jìn)而在一些特殊的情況下,,讓這些成為間諜活動(dòng)或者敲詐勒索的方法。
黑客如何進(jìn)入到他們本不應(yīng)該參加的Zoom會(huì)議中,?
大部分Zoom炸彈攻擊似乎并不是由Zoom的代碼缺陷造成的,,而是由用戶的整體網(wǎng)絡(luò)安全狀況,以及對(duì)Zoom不當(dāng)?shù)碾[私設(shè)置造成的,。
如果將Zoom會(huì)議設(shè)置為“公開(kāi)”狀態(tài),,則任何有該會(huì)議正確鏈接的人都可以訪問(wèn)此次會(huì)議。網(wǎng)絡(luò)安全公司Cybint的聯(lián)合創(chuàng)始人兼首席執(zhí)行官羅伊·祖表示,,黑客們只需在如Facebook這樣的社交媒體網(wǎng)站上搜索“ zoom.us”,,即可找到這些地址,這些網(wǎng)站經(jīng)常發(fā)布公開(kāi)會(huì)議的鏈接,。在Reddit等網(wǎng)站上也有專門(mén)的相關(guān)論壇,,其中r / Zoombombing就是“Zoom課堂教學(xué)ID的專屬發(fā)布”。
如何防止在Zoom會(huì)議和視頻通話進(jìn)行時(shí)被騷擾,?
有多種重要而直接的方法可以保護(hù)你們的會(huì)議,。《財(cái)富》雜志向Zoom征求了答案,。Zoom建議閱讀詳細(xì)的用戶指南,,其中包括了確保會(huì)議安全的注意事項(xiàng)。
其中,,最重要的一條是,,Zoom用戶不應(yīng)公開(kāi)分享視頻會(huì)議鏈接。這或許是最明顯有效的預(yù)防措施。不要把會(huì)議鏈接發(fā)布到Facebook群或者會(huì)議的廣告推文中,,而是通過(guò)電子郵件等更私密的方式來(lái)發(fā)布信息,。
其次,把視頻會(huì)議設(shè)置為“私人”,。目前Zoom已將所有新會(huì)議默認(rèn)設(shè)置為“私人”,,要求與會(huì)者提供密碼才能訪問(wèn)。但有些用戶為了圖方便,,還是會(huì)經(jīng)常將會(huì)議設(shè)置為“公開(kāi)”,。鑒于當(dāng)下Zoom炸彈的嚴(yán)峻形勢(shì),以不方便為代價(jià)來(lái)?yè)Q取安全還是值得的,。
另外,,請(qǐng)勿使用個(gè)人會(huì)議ID。每個(gè)Zoom注冊(cè)用戶都有一個(gè)私人會(huì)議ID,,該ID實(shí)質(zhì)上是一個(gè)永久性虛擬會(huì)議室,。由于該ID不會(huì)更改,因此公開(kāi)共享它會(huì)增加未來(lái)使用它的危險(xiǎn),,導(dǎo)致以后進(jìn)行的會(huì)議遭到可能的黑客襲擊,。
為避免發(fā)生Zoom爆炸的風(fēng)險(xiǎn),請(qǐng)僅與最信任的聯(lián)系人共享個(gè)人會(huì)議ID,。通常,,Zoom會(huì)提示使用個(gè)人ID進(jìn)行“即時(shí)”會(huì)議,而預(yù)定會(huì)議使用一次性會(huì)議ID,,以此來(lái)降低風(fēng)險(xiǎn),。如果有人已經(jīng)與別人共享了個(gè)人會(huì)議ID,且有安全方面的擔(dān)憂,,羅伊·祖建議直接聯(lián)系Zoom,,更改ID。
最后,,限制視頻的共享,。如果會(huì)議主持人是唯一需要共享視頻的人,例如在研討會(huì)或個(gè)人發(fā)言的情境下,,主持人應(yīng)將Zoom的屏幕共享設(shè)置更改為“僅限主持人”,。 對(duì)于使用該軟件的K-12類,Zoom已經(jīng)將此設(shè)置改為默認(rèn),。
使用Zoom安全嗎,?
鑒于Zoom爆炸的蔓延,有人可能會(huì)懷疑是Zoom軟件本身的問(wèn)題,。但羅伊·祖表示,,Zoom通常在安全性方面表現(xiàn)很好,,大量Zoom爆炸事件最有可能是由于用戶不嚴(yán)格的使用習(xí)慣引起的,而非軟件本身的漏洞,。
但是作為一款非常流行的軟件,,Zoom天然就會(huì)承擔(dān)更高的風(fēng)險(xiǎn)。
“當(dāng)你看到某款軟件火了,,黑客也會(huì)盯上它”,,祖說(shuō)。 同時(shí),,反黑客和網(wǎng)絡(luò)安全組織,,包括政府背景的機(jī)構(gòu),也會(huì)適時(shí)跟進(jìn),。他們將花費(fèi)更多的時(shí)間和精力,,來(lái)確保這些方興未艾的科技產(chǎn)品的安全。(財(cái)富中文網(wǎng))
譯者:晨曦
As people and businesses have become increasingly reliant on video chatting since the coronavirus pandemic began, the FBI’s Boston office reported this week that “Zoom bombing” incidents are occurring across America. A disruption specific to the teleconferencing app Zoom, which has recently surged in popularity, this vulnerability has been been exploited by hackers, with disturbing results.
On March 30, for instance, uninvited strangers crashed a Zoom meeting on cyberattacks. When the presenter started covering coronavirus disinformation posted to Reddit, Facebook, and Twitter, a Zoom bomber scribbled all over the screen, forcing the meeting to end early.
Zoom hacking issues like this are happening all over the world, from over-the-Internet Alcoholics Anonymous meetings to sensitive, high-level government gatherings. Here's how Zoom bombings work, and, more importantly, how to prevent them.
What is Zoom bombing?
Many Zoom bombing incidents have amounted to a form of trolling. Hackers gain access to a Zoom meeting and attempt to disrupt the video chat and upset participants by shouting profanity or racial slurs, or putting disturbing or offensive images in their video feed.
The vulnerability also has people wondering if Zoom is safe to use. Particularly in a large meeting, an unwelcome participant might go unnoticed, enabling that person to record the meeting or otherwise gather information. In particularly sensitive cases, this could become a method of corporate espionage or blackmail.
How are hackers joining Zoom meetings they aren’t supposed to be in?
The majority of Zoom bombing attacks appear not to be the product of flaws in Zoom’s code, but rather of users’ overall cybersecurity hygiene and their imperfect command of Zoom’s privacy settings.
If a Zoom meeting is set to public, it can be accessed by anyone with the correct link. According to Roy Zur, cofounder and CEO of cybersecurity firm Cybint, bad actors can find these addresses simply by searching for “zoom.us” on social media sites like Facebook, where public meeting links are often posted. There are also dedicated forums on sites like Reddit, where r/Zoombombing is described as “dedicated to the posting of Zoom Classroom Meeting IDs.”
How can I prevent Zoom bombing of my meetings and video calls?
There are several important, mostly straightforward ways to protect your meetings. Fortune reached out to Zoom for comment. The company recommended users read this detailed guide, which covers precautions for keeping their meetings safe.
Most importantly, Zoom users should not share meeting links publicly. This is perhaps the single most obvious precaution you can take. Rather than posting a meeting link to a Facebook group or in a promotional tweet, distribute information via a more private method, such as email.
Second, set your meetings to “private.” Zoom now sets all new meetings to “private” by default, requiring attendees to provide a password for access. But users often opt to make meetings public for the sake of convenience. Given the wave of Zoom bombings, the inconvenience of requiring a password is probably worthwhile in keeping your meeting safe.
Also, don’t use your personal meeting ID. Every registered Zoom user has a personal meeting ID, linked to what is essentially a permanent virtual meeting room. Because that ID doesn’t change, sharing it publicly increases the chance that future meetings using your personal ID might be Zoom bombed.
To avoid the risk of Zoom bombing, share your personal meeting ID only with your most trusted contacts. Generally, while Zoom will prompt you to use your personal ID for “instant” meetings, scheduled meetings will use a one-time meeting ID, reducing risk. If you’re concerned that you may have already shared your personal meeting ID in an insecure way, Zur recommends contacting Zoom directly to have it changed.
Finally, restrict video sharing. If the meeting host is the only person who needs to share video, such as in a seminar or presentation, the host should change Zoom’s screen-sharing setting to “Host only.” Zoom has already made this change by default for K-12 classes using the software.
Is Zoom safe to use?
Given the wave of Zoom bombings, you might suspect there's a problem with the Zoom software. But Zur says Zoom is generally doing a good job on security, and the bulk of Zoom bombings are most likely due to lax user practices rather than bugs.
However, the very popularity of Zoom may inherently make it riskier.
“As you see hype around a specific product, it also attracts attackers,” says Zur. But white-hat hackers and cybersecurity organizations, including government-backed organizations, will also follow suit, devoting more time and energy into keeping these newly popular technologies safe, he adds.
財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有,。未經(jīng)許可,禁止進(jìn)行轉(zhuǎn)載,、摘編,、復(fù)制及建立鏡像等任何使用。
