What Is Zoom-Bombing, and How Can You Stay Safe?
With people using Zoom for all of their work-at-home needs, malicious agents flock to the flaws in the program to cause havoc. One of these is called “Zoom-bombing,” which, despite its funny name, can cause severe disruption and offense to everyone in a meeting.
Let’s explore what Zoom-bombing is, why you don’t want to experience it, and how to protect yourself from it.
What Is Zoom-Bombing?
Zoom-bombing is the act of crashing into an insecure Zoom teleconference room. This is possible if the room host hasn’t set up security measures to prevent Zoom-bombing. As such, it has similarities to photo-bombing, except that Zoom-bombing can be far more damaging.
Usually, Zoom-bombing occurs when someone publicly posts a link to a Zoom teleconference room, which has no added security. This opens the doors to strangers, who can enter the room and show offensive imagery or shout spiteful comments.
Previous Examples of Zoom-Bombing Attacks
Zoom-bombing isn’t a theoretical attack; it’s something the internet has already seen. There have already been Zoom-bombing attacks so fierce that they’ve made headlines, highlighting the need to protect yourself during a Zoom meeting.
Strangers Harassing Meetings Using Zoom-Bombing
Jerry McCormick, who runs as the vice president of the San Diego Association of Black Journalists, suffered a Zoom-bombing during one of his meetings. NBC San Diego reports that malicious agents gained access to a meeting and claimed that they were taking it over. They then began shouting racial slurs and screen-sharing pornographic content.
Several Alcoholics Anonymous (AA) meetings have also suffered attacks. Business Insider reports that unwanted visitors would enter insecure AA rooms and shout misogynistic and racial slurs. They also encouraged people in the meeting to drink; by the time the intruders were removed, many of the original guests had already left the meeting.
Students Using Zoom-Bombing to Disrupt Their Classes
Zoom-bombing has become popular amongst troublemakers, to the point where there are Discord servers set up to discuss and organize raids. PCMag reports that raiders use these servers to find and share public Zoom invite links, but they also harbor a second use: fulfilling requests by students to raid their school’s rooms.
If a student doesn’t like a particular class, they can inform the raider’s Discord server of the ID, password, and scheduled time for their class. When the class begins, the invaders then sneak into the call and start shouting obscenities at the teacher hosting the course.
How Easy Is It for Someone to Zoom-Bomb a Meeting?
Zoom-bombing occurs when two mistakes occur. First, the host sets up the meeting with no additional protection. Second, someone then leaks the room ID to the public. This could be the host sharing the link on social media, an attendee deliberately leaking the ID to other people, or the ID leaking out by sheer accident.
When these two mistakes occur, strangers can find the link, click on it, and get into the meeting unfettered. This opens the door for Zoom-bombers who can share the link amongst one another and co-ordinate a more significant raid.
This was almost a problem for the Prime Minister of the UK, Boris Johnson. He tweeted out an image of his Zoom conference to show the first-ever remote conference meeting; however, by doing so, he had also revealed the room ID for the session.
This morning I chaired the first ever digital Cabinet.
Our message to the public is: stay at home, protect the NHS, save lives. #StayHomeSaveLives pic.twitter.com/pgeRc3FHIp
— Boris Johnson #StayHomeSaveLives (@BorisJohnson) March 31, 2020
Thankfully, Boris had put a password and two-factor authentication on the room so that people couldn’t join; however, if the room didn’t have these protections, anyone could participate in an essential governmental meeting and take note of what happened.
Protecting Yourself From a Zoom-Bombing Attack
While the above examples are pretty scary, it’s easy to set up a meeting to prevent Zoom-bombing. You just need to ensure a few settings are enabled before you create a new session or use an existing room.
To perform these steps, we’ll be using the meeting controls on the Zoom website. You can access these settings by logging into the website and clicking Meetings on the left side, or by accessing the Meetings page directly.
Set a Password for Your Zoom Meeting
First, make sure your meeting has a password set for it. When you’re creating or editing a meeting, look for the checkbox labeled Require meeting password and make sure it’s ticked.
While you’re here, change your password to something more durable. By default, Zoom will give you a six-digit number for a password, but you can always learn how to set a strong password that you won’t forget and use that instead.
Enable the Waiting Room for Your Zoom Meeting
A password will stop random people from crashing your meeting, but it’s not foolproof. As we mentioned above, someone you invite can share the link and password with Zoom-bombers who then invade your session.
To stop this form of attack, implement a waiting room for your meeting. This isn’t turned on by default, so be sure you enable it when you create or edit your meeting room.
When changing the settings for your room, tick the Enable waiting room box to activate this feature.
Now when someone joins your meeting, they’ll be placed in a virtual queue, unable to contribute to the meeting. You can view the queue by clicking Manage participants at the bottom of an active meeting.
You can let them in if you invited them, or turn them away if they look suspicious.
If you do reject someone, they won’t be able to reconnect to the meeting until you finish. This is handy for turning away raiders, as they can’t continuously reconnect to annoy you.
Turn Off Inappropriate Webcams on Zoom
Unfortunately, at the time of writing, there’s no way to stop someone from enabling their webcams. However, if they’re showing inappropriate content through it, you can click More next to their name on the user list, then turn their camera off.
Prevent Others From Sharing Their Screen on Zoom
A part of Zoom-bombing raids involves showing offensive imagery. This is achieved by screen-sharing, where the attackers stream what’s on their monitors instead of their webcams.
To stop this, click the Up arrow next to Share Screen while you’re in the middle of a meeting. Click on Advanced sharing options.
Then, under Who can share, set the option to Only host.
This will stop people from sharing content on their screens, while still giving you the freedom to do it yourself.
Locking the Meeting on Zoom
Finally, once everyone is in, you can lock the room. To do this, make sure the participant list is visible. If it’s not, click the Manage participants button again as we covered above. Then, at the bottom of the participant list, click on More, then Lock Meeting.
Once a meeting is locked, it will turn away anyone who tries to connect. This is very useful once everyone turns up for the meeting, as there’s no need to keep the door open for visitors.
Making Your Zoom Meetings More Secure
Zoom-bombing has become a popular hobby for internet trolls, so it’s essential to equip yourself to defend against them. Thankfully, there are plenty of options you can enable to stop them, from setting a strong password to enabling the waiting room feature.
Now your Zoom meetings are safe from Zoom-bombing, why not learn how to secure your Zoom chat as a whole?
Read the full article: What Is Zoom-Bombing, and How Can You Stay Safe?