NewsCall 6 Investigates

Actions

Security of Zoom, other video conferencing technology under scrutiny

Ignacio Espinosa de los Monteros.JPG
Posted at 10:04 PM, Apr 21, 2020
and last updated 2020-04-21 22:04:31-04

CARMEL — The security of Zoom and other virtual meeting technology has been called into question, especially after a public Zoom meeting of the Indiana Election Commission was hacked by a porn broadcast.

It was a shock for about 200 people participating in the Indiana Election Commission meeting on Friday when someone managed to broadcast pornography onto people's screens. Call 6 Investigates has learned they're not the only group to have a meeting interrupted.

"When I received that message from the school principal from the school messenger I went ballistic," Ignacio Espinosa de los Monteros said.

The principal of Carmel Middle School sent an email alerting parents that inappropriate remarks were made by a participant during a Zoom educational lesson with students. The staff member immediately ended the Zoom meeting when it happened.

"I had forewarned that this was going to happen," Monteros said. "I had told them that Zoom was a non-secure communication mechanism based on the technology currently."

Monteros has two children in the Carmel-Clay school district and also works as a business, technology and innovation professional.

"The fact that it happened to middle school aged children, which are eighth-, seventh- and sixth-graders, is not acceptable," Monteros said. "It wouldn't be acceptable for anybody. It wasn't acceptable for the Indiana Election Commission. It wouldn't be acceptable even less for minors. I mean how are we protecting our kids?"

Call 6 Investigates recruited a cybersecurity expert to explain just how vulnerable these communication systems really are.

"If you don't necessarily trust somebody on the other side, they could be having somebody in the physical room, they could also be videotaping with their phone," Chris Nyhuis said.

Nyhuis, CEO of Vigilant, said Zoom, to be user-friendly, doesn't require hard security settings upfront. Nyhuis said he recommends requiring participants have their video feature turned on so you can see what they're doing and set strong passwords for people to enter the meeting.

"But in addition, a lot of these technologies allow for what's called the waiting room," Nyhuis said. "And what that does is when somebody joins they have to sit in a room until you go and approve that they can join."

Nyhuis said on a larger scale nationwide, hackers are getting on these meetings to gain corporate secrets, infiltrate networks.

"It isn't hard to hack a meeting on any of these platforms that are made public with no password," he said.

"This is not an acceptable way to protect our kids whether it's the Carmel-Clay school district or the Indianapolis Public Schools or any school district in the state," Monteros said.

Carmel-Clay schools have enhanced their security features for all of their teachers using Zoom. Every meeting is password protected and students must be admitted into each one by the host.

The host of the meeting also has the ability to mute participants and control screen sharing capabilities. The district said they will continue to assess and introduce updated security settings for the safety of all participants.