With over 190 million new users gained over the past three weeks, Zoom’s facing some criticism from the tech community as well as end-users. The company faced criticism in the past for past security flaws, too. Each time, Zoom resolved the issue.
This time was no different when reports started to surface about unknown users joining Zoom meetings they hadn’t been invited to and displaying pornographic images along with shouting exploitatives. Now that there are so many distinct purposes for Zoom, and even more new users – the video conferencing platform is open to the world to online trolls.
Universities, governments, families, and businesses are all susceptible to the threat of Zoombombing, so I wanted to take a look at what it is and how to protect yourself. One expert, Panzura CEO, Patrick Harr, offered a useful yet quite technical solution:
“Companies can run private instances of Zoom like video conferencing and integrated file services. You can run those instances and scaled in a public VPC”
On top of also providing password controls in Zoom and others like it, he added, companies can run encrypted video sessions. According to Harr, this requires more scaling as well as compute capacity along with higher bandwidth, so it may not be as suitable for everyone, but it is a plausible solution to the problem at-large.
What is it?
Deemed ‘Zoombombing’ by social media users, The FBI told BuzzFeed news, it received various reports of conferences disrupted by pornographic, hate images, and/or threatening language. Since Zoom’s gained increased popularity, Zoombombing’s picked up steam.
How Does it Happen?
Sometimes, an organization’s greatest risk of intrusion lies within, and social media made note of one of those human errors that could mean unwanted visitors entering a meeting. Most notably, Great Britain’s Prime Minister, Boris Johnson, led a cabinet meeting using Zoom recently. There is photo evidence to showcase Great Britain’s first Cabinet meeting held online.
And a photo Tweeted by the PM himself, revealed the Zoom meeting ID which could have let in a Zoombomber. This is one of many ways an intruder might enter a private meeting. Zoombombing is not a security issue with Zoom, though.
It has more to do with how Zoom meeting attendees distribute meeting links. There can be a lot of back-and-forth between clients, coworkers, other students, teachers, partners, etc — at some point, that link may end up in the public sphere.
How to Avoid it?
In an April 5 blog post, Zoom said disabling some features could protect against Zoombombing. Before a meeting, go to the ‘Settings’ menu located in the left-hand corner of the Zoom client. There, you will find the components Zoom recommends users disable, including:
- Enable password in meeting link for one-click join
- Allow participants to rename themselves
- Join before the host
- Remote control
- Screen sharing
- File transfer
Iotum President and CEO, Jason Martin, told UC Today, “Zoombombing is an unfortunate side-effect of broad, open calls, which is why IT departments should look for a privacy-forward solution to the problem” He added,
“IT departments should look for a solution that adds an extra layer of security to Zoom’s platform and locks customers’ calls once they start”
His company, for the record, does just this. And the technology extends individual PINs to further protect meetings, especially crucial during the COVID-19 period. When it comes to Zoombombing, it seems Zoom has the proper protections in place, so it boils down to taking advantage of these tools so you can have a secure conversation without interruption.