What does Zoombombing mean and how can we avoid it? 

The ongoing pandemic has not only re-defined how we live, but it has also completely restructured how we work, especially how we communicate during and for work. Work culture has been forced into a new digital age and with it, remote collaboration tools into the spotlight. One of the biggest beneficiaries of this has been video conferencing tools – led by Zoom.

The company is yet to complete a decade of existence, but its usage numbers would make you think it was competing with the top social media platforms. The app already had a vast user base of 10 million daily active users last year, but by March 2020 that number had skyrocketed to 200 million. Many of those 200 million users access the platform for business communication. Zoom’s founder Eric Yuan, in a recent address to users, said:

… as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March this year, we reached more than 200 million daily meeting participants …

Many of those calls involve users sharing crucial company data, proprietary information, confidential discussions, etc., which raises serious concerns about the recent trend of Zoombombing.

What is it? Why should you be taking it seriously?

The term Zoombombing is a recent one, but the idea behind it is the same as eavesdropping or trolling, depending on the particular case. A meeting is said to be Zoombombed when an uninvited guest or guests join a Zoom meeting room. Incidents have been increasing in step with the rise in popularity of the application. Zoombombs have also been found to be coordinated on social media platforms like Instagram. A Zoombomb can range from annoying to sexist to financially harmful if it occurs during a business call.

The digital identity industry group Women in Identity (WiD) was recently on the receiving end of a sexist Zoombomb. The group, which had been meeting regularly on Zoom to discuss general support and industry issues during the ongoing pandemic, was subjected to insulting and derogatory comments, enough to force the group to shut down the meeting. The FBI even issued a warning regarding the hijacking of video conferencing platforms:

“FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.”

Most times, all that is needed to Zoombomb a meeting is the meeting ID. When you set up a Zoom meeting, a URL is generated in the format: https://us04web.zoom.us/x/xxxxx. Simply going to Twitter and searching for https://us04web.zoom.us will throw up multiple posts and tweets, some even with the password. While a Zoombomb may not matter for a normal meeting, the consequences could be catastrophic in the business world. If many individuals are in a meeting room, a Zoombomber might not even be identified. They can quietly listen in to the conversation, taking notes and even screenshots of data being shared during the call.

Tips to prevent Zoombombing

Using Passwords

While this is a no-brainer, it needs to be spelled out. This is the easiest and first step, and one that many choose to ignore out of convenience. Zoom lets you set a 10-character password; make the most of it.

Using 2-factor authentication

Paid or educational accounts have the option to set up 2-factor authentication for logging into the Zoom account.

Avoid oversharing

Avoid the examples listed above and ensure your meeting URL is never shared in public unless you are willing and able to manage Zoombombers. Screenshots and tweets might also contain revealing information, so check these carefully before sharing them as well.
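One way to act on this tip is to check a draft post or e-mail for meeting links before it goes out. The Python sketch below is an added example, not part of the original article or any Zoom tooling; it assumes join links of the shape https://<host>.zoom.us/j/<numeric ID>?pwd=<passcode>, and the sample draft, meeting ID and passcode are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches http(s) links to zoom.us or any subdomain; path and query are parsed afterwards.
ZOOM_LINK = re.compile(r"https?://(?:[\w-]+\.)*zoom\.us/[^\s<>\"')\]]*", re.IGNORECASE)
# Assumption: join links carry a numeric meeting ID of 9 to 11 digits in the path.
MEETING_ID = re.compile(r"/(\d{9,11})(?:/|$)")
TRAILING_PUNCT = ".,;:!?"


def find_zoom_links(text):
    """Return one finding per Zoom link: URL, meeting ID, and whether a passcode is embedded."""
    findings = []
    for match in ZOOM_LINK.finditer(text):
        url = match.group(0).rstrip(TRAILING_PUNCT)
        parts = urlsplit(url)
        id_match = MEETING_ID.search(parts.path)
        findings.append({
            "url": url,
            "meeting_id": id_match.group(1) if id_match else None,
            # Assumption: an embedded passcode travels in the "pwd" query parameter.
            "has_passcode": "pwd" in parse_qs(parts.query),
        })
    return findings


def redact_zoom_links(text):
    """Replace every Zoom link with a placeholder, keeping sentence punctuation."""
    def _sub(match):
        url = match.group(0)
        stripped = url.rstrip(TRAILING_PUNCT)
        return "[meeting link removed]" + url[len(stripped):]
    return ZOOM_LINK.sub(_sub, text)


# Constructed sample draft; the meeting ID and passcode are made up.
DRAFT = ("Team sync at 3pm: https://us04web.zoom.us/j/1234567890?pwd=Q0xhc3NFeGFtcGxl. "
         "Agenda is on the wiki at https://example.com/agenda")

if __name__ == "__main__":
    for finding in find_zoom_links(DRAFT):
        print(finding)
    print(redact_zoom_links(DRAFT))
```

A link flagged with has_passcode set is the worst case for public sharing, since anyone who sees the post can join without knowing anything else.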

Update the app regularly

Two former zero-day flaws allowed hackers to access the mic and camera of a device via the Zoom app. The company has stepped up its game and has released security updates to fix such issues. If your app is not on the latest version, update it.

Use the waiting room

This gives you an opportunity to double-check an individual before they join.

Auto-generated Meeting ID

Avoid using your personal Meeting ID, on the off chance that it leaks out.

Mute on Entry option

Just like the waiting room, this will give you a chance to check every new joiner in the meeting room.

Screen Control

Set screen control to “The only Host”. Zoombombers have been known to take control of the screen for their own purposes. This setting prevents that from happening even if a Zoombomber manages to get into the meeting room.
