News

Police issue warning after child abuse images seen on Zoom

The video-conferencing app has been the subject of questions about its security.
The video-conferencing app has been the subject of questions about its security. The video-conferencing app has been the subject of questions about its security.

Police in Wiltshire have issued a warning about using video-calling app Zoom after child abuse imagery was used to hijack several calls on the service.

Such incidents are known as Zoombombing – when uninvited guests break into a video conference and disrupt it with offensive language or imagery – and a number of other cases have been reported in the UK and around the world.

Wiltshire Police have urged the public to remain vigilant and check security settings when using the service after it confirmed reports of three incidents where meetings were interrupted by video footage of child abuse.

Zoomboming originated through a security flaw in the platform which allowed anyone to access a meeting if they obtained its ID number or a link to it.

Many instances of Zoombombing have occurred after meeting details were shared publicly on social media – which Wiltshire Police confirmed was the case in these latest incidents.

In recent weeks, Zoom has announced a string of security updates, including stronger password settings and meeting waiting rooms being turned on by default – tools designed to cut incidents of Zoombombing.

The platform has grown exponentially since lockdown restrictions were put in place as millions started to work and study from home.

The firm acknowledged it was unable to initially handle the increased demand and scrutiny but insisted its safety settings were far more robust following a number of updates.

Gemma Vinton, Detective Inspector for the digital investigations and intelligence unit at Wiltshire Police, said: “Incidents of this nature have been reported globally as well as in the UK recently, however, we have now, unfortunately, had three reports within Wiltshire in the last week.

“These zoom-bombings have involved extremely unpleasant indecent child-abuse video footage being shown via screen sharing by a meeting participant who was not known to the organisers of the video conferences.

“The meetings were publicised on social media with limited security settings so we’re urging individuals and businesses alike to remain vigilant and ensure settings are fixed correctly to prevent future occurrences.”

Security concerns raised around Zoom have seen some organisations opt not to use the service, something the firm’s chief information officer, Harry Moseley, described as “normal speed bumps” in the rise of any new service.

He reiterated that Zoom was committed to continued updates to improve the app’s security settings.

“Security has always been very core to Zoom, we value our clients,” he said.

“We’re all about their success, their security, their privacy.”

However, Andy Burrows, head of child safety online policy at the NSPCC, said Zoom’s ongoing issues were further proof that greater regulation of the technology sector was needed.

“It’s frankly dismissive and cavalier of a Zoom executive to say their failings are ‘normal speed bumps’ when it includes adults and children being bombarded with child abuse images on the platform,” he said.

“These are not commonplace concerns they can lightly brush off, they are abhorrent crimes with devastating and long-lasting impacts on victims.

“This goes to show the urgent need for the duty of care legislation and for platforms to be built with the safety of children in mind to avoid being forced to play catch-up.”

A Government’s Online Harms white paper has proposed a statutory duty of care be introduced for tech giants which could levy large fines and personal liability against executives of firms found to be in breach.

In a statement, Zoom said: “These incidents are truly devastating and appalling, and our user policies explicitly prohibit any obscene, indecent, illegal or violent activity or content on the platform.

“Zoom strongly condemns such behaviour and appreciates efforts to raise awareness around how best to prevent these kinds of attacks.

“Zoom has been similarly educating users on best practices, including recommending that users never share private meeting links publicly, and we recently updated several features to help users more easily protect their meetings.”