You log into a business meeting using popular online video app Zoom and each participant starts to introduce themselves, when suddenly, an uninvited young woman appears screaming and manically waving at the screen. This is the new reality if using Zoom without the right precautions and you are vulnerable to something known as “Zoom-bombing.” This has uninvited attendees watching your business meeting, and sharing sleazy images, which even has the FBI investigating it. No one can claim immunity from this threat.
Why does Zoom-bombing happen?
What explains this sudden upsurge of uninvited guests turning up at Zoom calls? Zoom is a big target due to the sudden surge in use especially after the COVID-19 virus has ensured that most people are now working from home. But it also appears that users are also responsible by sharing their Zoom meetings on social media sites like Twitter. A random search for Zoom.us on Twitter shows up multiple links to meetings, which anyone can then exploit to join. Cybersecurity specialists have also experienced Zoom-bombing first-hand and have tried to analyze why it got out of hand. From a list of people the host was allowing in, all of a sudden there were too many, and the host let them all in at once. As some of these were bombers, they took over. The session was immediately killed and then re-started. It appears that Zoom is under scrutiny from multiple angles and it appears that Zoom’s privacy policy is a major risk to your privacy. Recently there was a startling claim that Zoom was sending data to Facebook.
Steps to avoid Un-welcomed Guests
Zoom-bombing can occur when you least expect it, but sensible precautions can try and possibly reduce your risks. Zoom has even included a blog with tips on how to avoid this issue which appears to be pretty common and Zoom is unable to avoid it. Some experts have also tweeted tips to stop uninvited scoundrels from disrupting your video calls. A Zoom spokesperson even responded to complaints with this email statement, which reads that they are deeply upset as more incidents about attacks are being reported. For those proposing to host large, public group meetings, Zoom encourages hosts to change settings such that only the host shares their screen.
For hosting private conversations and meetings, password protection is on by default and it is recommended that users keep protections on, so as to prevent uninvited people from joining in. They encourage users to report such incidents directly so as to enable appropriate action. Make sure to not share a meeting link at any public forum since anyone with the link can join in the meeting. Also avoid using your personal meeting room for public meetings. Anyone securing access to your personal meeting ID and the personal link can join any meeting in the room at any later time.
Use of Waiting Room
The “waiting room” could be a useful function where a host only permits users in, from a pre-approved register. For added security, users should set up a password entry system which is effectively a two-factor authentication for participant use before entering the chat and this password can only be shared privately. Zoom is a very functional app, but could become rarely used, given the privacy and security implications, Signal is preferable for smaller groups and open source app Jitsi, which is secure.