More than 120 cases of Zoom video calls being hijacked by strangers displaying images of child abuse are being investigated in the UK, the National Crime Agency (NCA) has said.
The practice, known as “Zoombombing”, has increased during the coronavirus lockdown as more people turn to the video conferencing platform to speak with family, friends and colleagues.
But a security flaw allows anyone to access a meeting if they have the ID number or a link to it.
After the details of some meetings were shared on social media, despite the practice being discouraged by both the platform and officials, strangers were able to disrupt the video calls with offensive language and imagery.
The incidents have been described as “appalling” and Zoom has been accused of failing to protect its users.
An NCA spokesman said: “The NCA is leading and co-ordinating the UK’s response to Zoom video conferences being interrupted by indecent images of children, with police forces conducting their own investigations into more than 120 cases.”
They added: “Our role includes understanding whether the IP addresses used and the horrific images shared are the same. This will enable the NCA to identify links between offences and co-ordinate investigations.
“If any of these images are brand new, the NCA’s specialist victim identification team will help forces identify and protect the children involved. The NCA is also liaising with US authorities to deconflict inquiries.”
The NCA has advised that users do not share links to meetings or passwords on social media, verify all those taking part before allowing them to join a call, and hosts should turn off the ability for participants to join before them.
:: Listen to the Daily podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker
Andy Burrows, head of child safety online policy at the NSPCC, said: “The appalling scale of Zoombombing involving child sexual abuse imagery lays bare the platform’s failure to protect the safety of its users.
“Recently referring to serious incidents such as this as ‘normal speed bumps’ highlights how Zoom’s bosses have woefully underestimated the scale of the problem.”
Zoom has announced a number of security updates to its app, including new password controls and a default feature for virtual waiting rooms which would prevent uninvited users joining calls.
There will also be increased encryption and a centralised security menu.
Zoom’s head of UK and Ireland, Phil Perry, said the company was working with the NCA and called the incidents “truly devastating and appalling”.
“Zoom strongly condemns such behaviour and appreciates the NCA’s efforts to raise awareness around how best to prevent these kinds of attacks as well as their important work to help bring these offenders to justice,” he said.
He also urged users to report any incidents either to Zoom or directly to police.