Picture the scene: You are logging into a business meeting using the popular online video app Zoom. Once in the Zoom meeting, each participant starts to introduce themselves until, suddenly, there is screaming, and an uninvited young woman appears, waving manically at the screen.
This is the new COVID-19 reality: If you are using Zoom without the right precautions, you are vulnerable to a practice known as “Zoom-bombing.” This sees uninvited attendees viewing your business meeting, or worse, sharing pornographic images and content.
No one’s immune from this threat. Take, for example, founder and editor in chief of tech website The Information, Jessica Lessin, who tweeted a week ago about how her video call was hijacked by someone who shared pornography.
Why is Zoom-bombing happening?
So, why this sudden influx of uninvited guests turning up to Zoom calls? First, Zoom is a big target given the sudden surge in use since coronavirus has had us all working from home. But it’s also to do with users sharing their Zoom meetings on social media sites such as Twitter.
A simple search for “Zoom.us” on Twitter brings up multiple links to meetings, which anyone can then use to join. This is a similar issue to one I covered last month, which saw WhatsApp groups exposed to anyone who could find a link via Google.
Jake Moore, cybersecurity specialist at ESET, has experienced Zoom-bombing first-hand. On March 26, Moore entered a meeting. “There was a list of people the host was allowing in, but all of a sudden there were too many, and she let them all in at once. Some of these were bombers and they took over. We killed the session ASAP and started again.”
How to avoid Zoom-bombing
Zoom-bombing can happen to anyone, but it makes sense to try to reduce your risk as much as possible. Zoom has written a blog post with tips on how to avoid getting caught out by this issue.
The Information’s Lessin also tweeted some tips on how to stop uninvited guests from disrupting your video call.
A Zoom spokesperson sent me a statement over email, which reads: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only the host can share their screen.
“For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We also encourage users to report any incidents of this kind directly so we can take appropriate action.”
Moore underscores the importance of making sure you avoid sharing a Zoom meeting link in a public forum “as anyone who has the link can join the meeting.”
In addition, he advises: “Also try to avoid using your personal meeting room for public meetings. If someone gets access to your personal meeting ID and the personal link, they could potentially then join any meeting in the room at any time.”
The “waiting room” is another useful tool where a host can only allow people in from a preassigned register. “For extra security, users can and should set up a password entry system,” says Moore. “This is effectively two-factor authentication for participants to use before entering the chat. Again, this password should only be shared privately.”
Zoom’s a very functional app, but I only use it when I have to. Given the privacy and security implications, I prefer options such as Signal for smaller groups or even open source app Jitsi, which is also pretty secure.