Keep video conferences safe from ‘Zoom-bombers’

As the coronavirus forces the world to find new ways to carry on business as usual during safe-at-home executive orders, internet trolls have a new pastime: “Zoom-bombing.” 

Making headlines across the globe in the last weeks, Zoom-bombing has millions of Zoomers (Zoom users) checking and rechecking their settings to block uninvited internet trolls from entering their meetings and becoming maliciously disruptive. 

Random ID numbers

Zoom meeting crashers gain entry to a meeting by randomly entering meeting ID numbers. From graphic content appearing on screen during a kindergarten Zoom class to racist slurs during a church Zoom meeting and even full hijacks of shared screens—Zoom-bombers are taking advantage of the available gaps while the world overcomes the platform’s learning curve.

“It’s gaining popularity. Zoom has so many clients as it is the defacto video conferencing tool. It has a good interface, integrates well and is not complicated for new users,” says Selcuk Uluagac, associate professor in the Department of Electrical and Computer Engineering and director of the Cyber-Physical Systems Security Lab. 

Right now, teleconferencing and telecommuting removes many limitations imposed by current stay-at-home requirements, and this could change how we move forward with meetings and business, even after coronavirus, explains Uluagac.

With this new “freedom,” and technology, however, things are learned along the way, because security is many times an afterthought, he adds. Inevitably, companies learn from mistakes and fix issues.

Zoom responds

As of April 1, more than 90,000 schools across 20 countries use the popular video conferencing tool to continue education, remotely, according to Zoom. Universities worldwide are not immune to meeting crashers and must take precautions to avoid disruptors. Zoom-bombing has become so prevalent an issue that the FBI recently released a security and privacy warning to users. Many grade-school districts have also reconsidered using the platform because of its vulnerabilities.

Eric Yuan, founder and CEO of Zoom, acknowledges that with hundreds of millions of users using the platform for a wide range of uses every day, several security and privacy issues have emerged.

Last week, Yuan released a statement about the company’s “immense responsibility.” He added that, “We recognize that we have fallen short of the community’s – and our own – privacy and security expectations.” 

Seven security steps

Here are seven ways to make sure you’re doing your best to stop random, intrusive trolls in their tracks:

1. Generate a unique meeting ID, especially for large meetings or public events.
2. Enable the “only authenticated users can join” feature, unless you expect users outside of the FIU community to join the meeting.
3. Require a meeting password and distribute the password to only those who need access.
4. Prevent removed participants from rejoining.
5. Set the “Video" option for both Hosts and Participants to “Off” when scheduling a Zoom meeting.
6. Lock your meeting once it has started to block uninvited participants.
7. Learn how to manage disruptive participants in a meeting.

As the world navigates each week in the wake of COVID-19, an ounce of prevention can provide added security. Instructors can find useful tips on this downloadable infographic for help with their courses to block Zoom-bombers.

“We are more digital than ever right now. We are going to be facing more cybersecurity issues. That is going to be a part of our daily lives,” concludes Uluagac, who stresses that the university community follow the Division of IT’s recommendations and if there’s an update, update immediately.