What is Zoombombing and how to defend against it
Before I define Zoombombing, let me explain what Zoom is. Zoom is a very popular video conference service that has a free option that allows many users to have meetings and chat sessions with each other. It has been on the rise as more people are using it to stay in touch during the coronavirus restrictions.
Zoombombing is when an unauthorized person or stranger joins a Zoom meeting/chat session and causes disorder by saying offensive things and even photobombing your meeting by sharing pornographic and hate images. Imagine if your young kids are participating in an online school meeting and suddenly it is interrupted in that manner. Well, unfortunately, it has happened numerous times.
Most Zoom meetings have a public link that lets anyone who clicks it join. Malicious individuals or Zoombombers have been collecting these links and sharing them in private chat groups, then signing on to other people’s conferences to cause disruption.
On Monday the FBI warned users of a nationwide rise in this issue, as more people have turned to the Zoom video-teleconferencing service. Zoom the company encouraged users hosting public group meetings to review settings for their safety as well as report incidents to its support team so it could “take appropriate action.”
When using Zoom for online classrooms, meetings or events, the host is advised to make meetings private and require a password or use the waiting room feature to control the admittance of additional people. The links to a teleconference or classroom should be sent directly to the individual participants and never be publicly available on a social media post. Finally, those managing a conference in Zoom should change the screen sharing option to “Host-Only.”
Experts in the field of information security and privacy have provided numerous suggestions when hosting a Zoom event. Compiled below is a list of recommendations. I have provided the implementation steps for a few of these security and privacy features. For items not covered in this post, please check the Zoom web page for additional instructions.
Zoom Safety Checklist
- Disable autosaving chats
- Disable file transfer
- Disable screen sharing for non-hosts
- Disable remote control
- Disable annotations
- Use per-meeting ID, not personal ID
- Disable “Join Before Host”
- Enable “Waiting Room”
- Assign at least two co-hosts
- Mute all participants
- Lock the meeting, if all attendees are present
If you are Zoombombed:
- Remove problematic users and disable their ability to rejoin when asked
- Lock the meeting to prevent additional Zoombombers
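For anyone managing many meetings, the pre-meeting items in the checklist above can be checked mechanically. The following is an added example, not part of the original post and not Zoom's own code; it audits a constructed settings snapshot, and every key name in it is a hypothetical label rather than a Zoom API field.

```python
# Added example: audit a meeting-settings snapshot against the checklist.
# All key names are hypothetical labels for this sketch, not Zoom API fields.

# (settings key, required value, checklist item it enforces)
CHECKLIST = [
    ("autosave_chat", False, "Disable autosaving chats"),
    ("file_transfer", False, "Disable file transfer"),
    ("non_host_screen_share", False, "Disable screen sharing for non-hosts"),
    ("remote_control", False, "Disable remote control"),
    ("annotations", False, "Disable annotations"),
    ("uses_personal_id", False, "Use per-meeting ID, not personal ID"),
    ("join_before_host", False, 'Disable "Join Before Host"'),
    ("waiting_room", True, 'Enable "Waiting Room"'),
    ("participants_muted", True, "Mute all participants"),
]
MIN_CO_HOSTS = 2

def audit(settings):
    """Return findings; a missing key is reported, never assumed safe."""
    findings = []
    for key, required, item in CHECKLIST:
        if key not in settings:
            findings.append(f"UNKNOWN: {item} ({key} not in snapshot)")
        elif settings[key] is not required:
            findings.append(f"FAIL: {item}")
    if len(set(settings.get("co_hosts", []))) < MIN_CO_HOSTS:
        findings.append("FAIL: Assign at least two co-hosts")
    # Locking only applies once every expected attendee has joined.
    expected = set(settings.get("expected", []))
    present = set(settings.get("present", []))
    if expected and expected <= present and not settings.get("locked", False):
        findings.append("FAIL: Lock the meeting, if all attendees are present")
    return findings

# Constructed sample snapshots (not real meeting data).
HARDENED = {
    "autosave_chat": False, "file_transfer": False, "remote_control": False,
    "annotations": False, "non_host_screen_share": False,
    "uses_personal_id": False, "join_before_host": False,
    "waiting_room": True, "participants_muted": True,
    "co_hosts": ["alice", "bob"], "locked": True,
    "expected": ["carol", "dave"], "present": ["carol", "dave"],
}
WEAK = dict(HARDENED, non_host_screen_share=True, uses_personal_id=True,
            join_before_host=True, waiting_room=False,
            co_hosts=["alice"], locked=False)

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

A snapshot that omits a setting is flagged as UNKNOWN rather than passed, so an incomplete export cannot hide an open meeting.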
If you schedule a meeting from the web interface, you won’t see the option to disable screen sharing. Instead:
- Click on “Settings” in the left-hand menu
- Scroll down to “Screen sharing” and under “Who can share?” click “Host-Only”
- Click on “Save”
On the Zoom Settings page, turn off participant controls:
- Sign in to Zoom
- Click on the Settings link on the upper right (it looks like a gear).
- On the right side of the page, turn off: Autosaving chats, file transfer, screen sharing, and remote control.
Assign a Co-Host
For larger meetings, identify a co-host or two ahead of time whose role is to be a virtual room monitor and manage order during the meeting by managing the participants. Co-hosts are assigned during a meeting and cannot start a meeting.
- Sign into Zoom.us.
- Click on the Settings link on the left of the screen.
- Scroll down to the Co-host option on the Meeting tab and verify that the setting is enabled.
- Turn on Co-Host. If a verification dialog displays, choose Turn On to verify the change.
Prevent Screen Sharing by non-hosts
To prevent participants from screen sharing during a call, use the host controls at the bottom of the window: click the arrow next to Share Screen, then choose Advanced Sharing Options.
- Under “Who can share?” choose “Only Host” and close the window. You can also lock the Screen Share by default for all of your meetings in your web settings.
Enable the Waiting Room
Before you start your meeting, enable the Waiting Room for your meeting. You and your co-host will then play an active role in choosing who to allow into the room through the participants’ list.
Meeting hosts can customize Waiting Room settings for additional control, and can even personalize the message that people see when they enter the Waiting Room so they know they’re in the right spot. This is a great way to post rules and guidelines for your event, like your screen-sharing or muting policy.
Locking the Meeting to Prevent Re-Joining of Removed Participants
During the meeting, a host or co-host can click on the More and Mute All Controls at the bottom of the Participants List.
- When viewing the Participants List, click Lock Meeting (under More) to prevent other participants from joining the meeting in progress.
Muting All Participants
During the meeting, a host or co-host can click on the More and Mute All Controls at the bottom of the Participants list.
- On the Participants List, click Mute All to mute all meeting attendees.
I hope this information was helpful. More importantly, I hope it lets you know that you do not have to sit back and be a victim, and that you have options that can protect your events. Please share this information with your peers and colleagues.
Good luck and be safe during these trying times…
*** This is a Security Bloggers Network syndicated blog from SecurityOrb.com authored by Kellep Charles. Read the original post at: https://www.securityorb.com/featured/what-is-zoombombing-and-how-to-defend-against-it/?utm_source=rss&utm_medium=rss&utm_campaign=what-is-zoombombing-and-how-to-defend-against-it