With 300 million people using Zoom videoconferencing every day, the issue of Zoom meetings getting hijacked by a hacker, troll, or “Zoom bomber” has become a real and serious problem. Similar to traditional cyber attacks, the Zoom bomber finds a way to breach the Zoom conference and then disrupts the meeting with a rant or inappropriate message.
“This is a serious problem that needs immediate remedy — similar to how we would confront any cyber attack on a business or individual,” said Syed Alam, Founder, and CEO of accentedge, an IT services company based in Chicago. “We can’t underestimate the cost to schools or businesses that are unable to hold classes or conduct business due to the threat of a Zoom bombing,” Alam added, “In these times of the Covid-19 epidemic, where people are relying on secure communications through programs like Zoom, it is important that users of this technology take steps to stop this kind of attack.”
Security experts at Zoom also see this problem as a priority and are scrambling to put protections in place to prevent the hijacking of Zoom videoconferences. The Zoom 5.0 update will include intrusion-blocking encryption technology, new privacy controls, and the ability to report abusive users. Zoom is implementing AES 256-bit GCM encryption, considered one of the most secure methods for protecting data.
“This kind of attack is not going away,” Alam stressed, “a hacker will always be looking for vulnerabilities in the system to exploit. The strategy for stopping these attacks is the same advice we would give a large corporation or pharmaceutical company trying to secure sensitive data or its computer network communications — follow and implement the best practices for preventing cyber breaches and have a plan for responding and recovering when an attack occurs. It is not a matter of if an attack occurs, it is about preparing a response for when an attack occurs.”
While Zoom and other videoconferencing app developers are working on ways to protect from Zoom bombing, there are simple steps that users can incorporate to help prevent unwanted visitors or hackers from joining a Zoom meeting.
Here are some ways to help protect the security of your Zoom meetings:
- Update Zoom software and your devices. Make sure you are using the most recent updated system software on your phone, tablet, or PC as well as the most recent Zoom App software. Security fixes in the software can prevent many types of breaches.
- Don’t share your Zoom Meeting link on social media. The more your Meeting ID number is out in the public, the more opportunity hackers can find access to it and crash your meeting. Posting your Zoom Meeting ID invite to your fitness class on Facebook is inviting hackers to join the class.
- Create a Waiting Room. When setting up your Zoom conference enables the “Waiting Room” option so you can see who is joining the conference and give them access. This feature allows the Host to see who has joined the room. A skilled hacker who wants to disrupt your meeting may still be able to get through, but this is one more hurdle to stop them. Zoom offers a new security option that allows you to set up a Waiting Room after the call has started. By enabling this Waiting Room feature you can prevent users from joining your call unexpectedly.
- Disable others from joining before the Host. By default, users will be unable to join before the host. This way the Host can see who has joined before the meeting starts and prevent unwanted visitors from joining. Check to make certain this feature is being used by clicking on the gear-shaped icon at the top right of the Zoom screen. This is one more control for Hosts to verify who is joining the call.
- Use a unique Personal Meeting ID for each Zoom Meeting. Each Zoom Meeting you set up creates a Personal Meeting ID number that is used to invite people to your meeting. You can use this number as a recurring access code for small groups and one-to-one meetings. This ID number never expires so it is easy for people to access your meeting without accessing a new number. However, using the same number each time makes your meeting more vulnerable to hackers. One solution is creating a unique Personal Meeting ID every time you schedule a new meeting. It may be less convenient for people accessing your Zoom meeting, but changing the ID number will make your meeting more secure.
- Create an “Invite Only” Meeting. If you have a paid Zoom account, you can control who joins your meeting by setting it up as an “Invite Only” meeting. With this type of meeting, the only people who can join are the ones you invite using the Meeting ID and the same email address that was used to invite them. Once you’ve set up the Authentication Profiles, any other user trying to join will get a message saying the meeting is restricted to authorized attendees only.
- Limit user access to Screen Sharing. Zoom Bombers are known to use the screen sharing option in Zoom to “hijack” the meeting with their message. When setting up your meeting, choose the option that limits screen sharing to “Host-Only.” You can enable these settings both before and during your call. Using the Zoom web portal, go to Personal>Settings>In Meeting>Screen Sharing, then check the option that only allows only the host to share. During the call, you can also access this feature on the “Share Screen” section under Advanced Sharing Options.
- Disable Remote Control and File Sharing. To further protect your meeting, you can disable the remote control function and for chats, disallow file sharing, annotations, and the autosave feature. Limiting these features give less accessibility to users, but allows for greater security.
- Set a Meeting Password. With the new Zoom 5.0 software, a password will be required to join the meeting. Using the Waiting Room feature, the host must approve users to join the meeting, and users are required to provide a password to enter. Requiring passwords will likely become a common feature for all meeting platform apps.
- Assign Co-Hosts and lock your meeting once it starts. In Zoom, you can assign Co-Hosts to assist you if unwanted visitors need to be removed. In addition, you can lock your meeting to outsiders once the meeting begins and everyone is in. To assign Co-Hosts, go to Settings>Meetings>Co-Host and make sure the Co-Host feature is enabled. Click “Turn On” if Zoom asks for verification. Then disable “Allow Removed Participants to Rejoin” to keep out unwanted users.
What To Do If A-Zoom Bomber Crashes Your Meeting
Despite taking precautions, what do you do if a Zoom bomber joins and attempts to disrupt your meeting? For example, what if someone is trolling the chat section with unwanted posts or attempts to cause chaos by sharing inappropriate audio, images, or messages?
Put the offending user on Mute. The first step you can take is to put the offender on Mute so they cannot be heard by other participants. To do this, the Host or Co-Host can go to the Participants List and scroll down to “Mute All Controls.” This will prevent the hacker from using their microphone to disrupt the meeting. Make sure your Co-Hosts are trained on how to use this feature.
Remove a disruptive user from your Zoom Meeting. You can lock out disruptive users by going to the Participants List and scroll down to “More.” Click on “Lock Meeting” which will allow you to remove participants from the meeting and prevent new participants from joining.
Shut down the meeting. In a worst-case scenario, as the Host, you can shut down the meeting. As the Host, you are ultimately responsible for the content of your meeting, and if needed, you can always just end the meeting.
As Zoom becomes an increasingly popular means of communication for people to meet, hackers will continue to look at ways to breach or disrupt this platform. It is critical that these Zoom bombers are stopped so that individuals, businesses, and organizations can communicate freely in a COVID-19 world. Using common-sense methods to stop trolls, hackers, and Zoom bombers — and having a plan for dealing with these disruptions — we can ensure an open and safe environment for Zoom users in the future.