Zoom bombing: protect meetings from virtual gate-crashers

03 April 2020

Globally' people have embraced videoconferencing technology to stay connected and conduct virtual meetings' particularly during the social distancing and isolation measures due to COVID-19.

Popular video conferencing technology platforms such as Zoom' Microsoft Teams' Skype and Google Hangouts are proving to be useful for continuity of many business activities.

However' as CQUniversity's Dr Ritesh Chugh points out' unwelcome attendees have found a way to infiltrate' interrupt and create mayhem in virtual meetings.

In fact' comedian Hamish Blake 'Zoom bombed' one of CQUniversity's own online Physiotherapy classes this week.

"This emerging phenomenon where people join virtual meetings without invitation and unannounced is termed as Zoom bombing or video-teleconferencing hijacking'" Dr Chugh says.

"Once the meeting is hijacked' the intruders can not only attend it but also view your content and share their own' often inappropriate and sometimes reprehensible content.

"The FBI has issued an advisory reporting multiple incidents of online meetings being disrupted by 'pornographic and/or hate images and threatening language'. Classrooms and office meetings have seen trolls enter and cause havoc. Apart from the time lost due to the intrusions' hateful and explicit content or profanity can be mentally distressing for participants."

Dr Chugh says Zoom is facing backlash for the hijacking of online meetings and other security flaws.

"As educational institutions are widely using Zoom' it is crucial to watch out for Zoom gate-crashers and take steps to build more privacy in virtual classrooms'" he says.

"Physical classrooms are regarded as safe environments' and the same should also extend to virtual classrooms."

Some steps meeting hosts can take to safeguard their online classes are:

  • Make meetings private not public' i.e. require a meeting password.
  • Share meeting links privately through email or an internal website' not on social media.
  • Turn off the 'Join before host' option' so participants are not able to join the meeting before the host joins' enabling the host to stay in better control.
  • Under screen sharing options' only 'Allow host' to share their screen. By default' all participants can share their screens.
  • Turn off 'File transfer' so malicious attachments cannot be shared. However' this will prohibit both the hosts and participants from sending files through the in-meeting chat functionality.
  • Enable the waiting room option. This will not allow participants to join the meeting until the host allows them in individually. However' this functionality may not work well for meetings with many participants.
  • Turn off 'Allow removed participants to rejoin'. This will ensure that previously removed participants from a meeting are unable to join.

Dr Chugh says users are also encouraged to exercise caution when they use the chat functionality of Zoom to write private messages.

"While the private chat is not visible to everyone in real-time' it will be saved along with the public chat when users record the session to their local computer rather than the cloud'" he says.

"Consequently' think twice about what you write in private messages. The meeting host can also disable 'Private chat'' so participants are unable to send private messages to each other.

"Videoconferencing users also need to be vigilant for spoofing' in which cybercriminals create disguised communication appearing to come from a trusted source. The spoofs could be in the form of websites' incorrect hyperlinks and emails.

"In closing' videoconferencing platforms offer a host of features. Meeting hosts should familiarise themselves with the functionalities' so meetings are not hijacked' and participants can meet in a safe virtual environment."

Ritesh in a Zoom meeting screen with a cartoon picture of a Zoom call as someone holds a Zoombombing sign