Hijacked Zoom call during class raises concerns about videoconferencing security and privacy

Friday, April 24, 2020 - 6:03pm

.

Illustration by Christine Jegarl

Public Health student Madison Fishler logged onto Zoom on Tuesday evening for her final class in Public Health 318: Food Literacy for All. As the class was wrapping up, the call was hijacked with hate images and racial slurs against African Americans for about a minute before the instructors ended the call, Fishler explained. 

“I was taken aback,” Fishler said. “I'm Caucasian, but I was still very hurt and impacted by this. It was very weird to me. I kind of felt disgusted, kind of sick to my stomach that this was happening.”

Since schools across the country have transitioned to online learning, the videoconferencing platform Zoom has become a popular tool for students sheltered at home. However, while more and more students log onto Zoom, concerns with its security and privacy have only increased.

The FBI issued a warning on March 30 regarding “Zoom-bombings,” an interruption in which intruders disrupt video calls with threatening language and offensive images. According to the warning, the FBI has received reports of Zoom-bombings nationwide.

Fishler felt the security breach was unexpected, given how recent these Zoom-bombing incidents have occured. She said the security breach also made her feel uncomfortable with using platforms like Zoom. 

“It made me feel like my privacy was intruded,” Fishler said. “I would like to see the school using better platforms, but also who would have known? This Zoom-bombing has only been happening since this COVID situation.”

Cindy Leung, Public Health assistant professor, and Lilly Fink Shapiro, University of Michigan Sustainable Food System Initiative program manager, are both leaders of the course. Leung and Fink Shapiro said the class was designed as an academic-community partnership, in which guest speakers in a variety of sectors engage with students about the crises and opportunities in today’s food system. They said a unique feature of the course is the ability of community members from Ann Arbor, Detroit and areas across the state to join and engage with the class. 

Due to the community-forward structure of the course, Leung and Fink Shapiro said it was difficult to take the necessary precautions the University recommended when transitioning to online instruction, such as securing meetings so only authenticated users could join and using passwords when scheduling meetings. 

Leung added this was an isolated incident for a uniquely-structured course and said she did not feel concerned for future Zoom use. She said Zoom is important for the class, given that the platform can support a high number of members at one time.

Despite what they described as an unfortunate end to the course, Leung and Fink Shapiro said they hope their students and community participants leave the course with a positive outlook and a focus on the conversations and work discussed throughout the semester. 

Zoom was recently added to the University's list of resources for videoconferencing after the Information and Technology Services received requests for more platforms alongside BlueJeans and Google Hangouts. The addition of Zoom was announced in an email to the University on March 17 by Ravi Pendse, vice president for information technology and chief information officer.

“ITS has been working diligently to provide students as well as faculty and staff with the resources and support they need in order to study and work remotely,” Pendse wrote. “In response to numerous requests for additional methods for videoconferencing, I am excited to share that we have added Zoom.”

In an email to The Daily, ITS said the University has contracts and agreements with Zoom that require the company to secure and protect University data. This data can only be used to help run and improve services. Zoom is prohibited from selling or renting University data.

“U-M is absolutely concerned about Zoombombing,” ITS wrote. “Ravi Pendse, the Vice President for Information Technology and Chief Information Officer, reached out to university leaders at the end of March and to all faculty and staff in early April to share resources on how best to protect against this behavior.”

Janine Pelosi, Zoom’s chief marketing officer, wrote in a statement to The Daily that the company is taking steps to strengthen protections for virtual meetings. These include enabling meeting passwords, lessening the visualization of Zoom Meeting IDs and adding new security icons, among other precautions.

“We have been deeply upset to hear about these types of incidents,” Pelosi wrote. “Zoom strongly condemns such behavior and recently updated several features to help our users more easily protect their meetings.” 

Summer News Editor Kristina Zheng can be reached at krizheng@umich.edu.