SINGAPORE - All teachers will stop using video conferencing platform Zoom for their home-based teaching, after hackers hijacked the streaming of a lesson to show obscene picture to some students.
The move is a precautionary measure until security issues have been ironed out, the Education Ministry said on Thursday (April 9) night.
It is investigating the incident on Wednesday at a school in the eastern part of Singapore, and will make a police report if necessary, said its divisional director for the educational technology division, Mr Aaron Loh.
He also said home-based learning will continue, and teachers will continue to use the range of resources available in the Singapore Student Learning Space, as well as offline teaching and learning.
Meanwhile, “we have reiterated and spelt out to all our teachers the security measures they must adhere to when using such video conferencing platforms. This includes requiring secure log-ins and not sharing the meeting link beyond the students in the class,” he said.
The ministry, he added, “will continue to work with parents to ensure a safe learning environment, and schools will also guide students on appropriate behaviour when attending online lessons”.
Mr Loh also said the ministry is working with Zoom to enhance its security and make security measures clear and easy to follow.
The hacking happened during a geography lesson for a secondary one class. Hackers hijacked the stream and showed the students pictures of penises.
A student of the class, 13-year-old Zee, told her mother the two hackers, who were Caucasian men, told the girls, from her class of 39 students who were watching, to “show us your boobs”.
Her 47-year-old civil servant mother, who wanted to be known only as Ms Loh, told The Straits Times on Thursday she was horrified at what had happened.
She informed the teacher of her daughter’s class.
“When she is surfing the Internet, she does not encounter such things. Home-based learning is supposed to be a safe space, but now our children have to be exposed to such things? I know it’s difficult to manage but as a parent I feel very concerned,” the mother added.
Zee’s experience is not unique, as reports continue to pop up around the world about cyber-security incidents relating to Zoom.
The platform has been enjoying success owing to disruptions caused by the Covid-19 pandemic.
With most people working from home and students doing home-based learning, Zoom has been the choice video conferencing tool for many workplaces and schools, as it is free and easy to use.
Even the Government uses it to hold some media conferences.
It is now more popular than the offerings from tech giants such as Microsoft’s Skype and Google’s Hangouts.
Zoom, which came onto the scene in 2013, reached 200 million daily users last month.
But in the past few months, reports of uninvited people crashing Zoom meetings, on what has come to be known as Zoombombing, has been increasing.
This was possible because of its initially lax security features. For instance, not all Zoom meetings require a password to join in.
Officials at Berkeley High School in California said they suspended Zoom after a “naked adult male using racial slurs” intruded on what the school said was a password-protected meeting on Zoom, according to a letter to parents seen by Reuters.
The Federal Bureau of Investigation (FBI) in the United States said last month that in Massachusetts, while a teacher was conducting a class through Zoom, a person dialled in, shouted a profanity and the teacher’s home address.
Places such as Taiwan, Germany and Malaysia have already put restrictions on the use of Zoom, as have schools in the US.
On Wednesday, it was reported that the company is facing a class-action lawsuit by one of its shareholders, who alleged that it failed to disclose issues with its video conferencing platform’s privacy and security.
Replying to queries from ST, a Zoom spokesman said the company has changed default settings for education users, and is adding passwords for its free basic users. Such a feature was previously not enabled.
“We have been deeply upset by increasing reports of harassment on our platform and strongly condemn such behaviour. We are listening to our community of users to help us evolve our approach and help our users guard against these attacks,” he added.
Zoom’s chief executive officer, Mr Eric Yuan, has apologised for his platform’s security flaws, admitting in a blog post last week that “we have fallen short of the community’s - and our own - privacy and security expectations”.
Mr Bryan Tan, a lawyer from Pinsent Masons MPillay which specialises in technology law and data protection, said Zoom has a lot of security protection settings but users are not aware of them or are not inclined to use them.
“Could Zoom have done better here? Sure, in terms of education and perhaps default settings, it could do more.
“Users can also take steps to protect themselves by using these tools that have been made available,” he added.
When asked why the Government is still using Zoom for some of its meetings, a spokesman for the Smart Nation and Digital Government Office said the public sector has implemented telecommuting to reduce the level of person-to-person contact and this will include using a “variety of tools”.
“For remote communication and collaboration, government agencies use secure channels to conduct meetings and discussions internal to the public sector,” said the spokesman.
“To facilitate communication with external parties on non-sensitive matters, government agencies use a variety of tools including Zoom, for the convenience of these parties.”
Experts such as Mr Stas Protassov, president and co-founder of cyber protection company Acronis, has advised that to prevent Zoombombing, users should familiarise themselves with its security features and update the app, as the company has been installing security features.
He said: “Educate yourself on the available security feature and make sure you are using a fully updated version of Zoom.
“Those measures, if implemented by the meeting organisers, will make participants protected from ‘Zoombombing’ and other risks.”