On April 15, 2020

How to prevent ‘zoom-bombing’ in your next videoconference

As the U.S. COVID-19 health crisis continues, many businesses, organizations, and schools adapt to utilizing temporary telework arrangements. Better Business Bureau (BBB) warns video conference app users of recent “Zoom-Bombing” where hijackers infiltrate the Zoom session.

Zoom’s founder and CEO Eric Yuan said in a blog post Wednesday, April 1, that the company went from 10 million daily users in December to more than 200 million in March. He said the platform was meant for corporate users with their own IT departments.

“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he wrote. The company is halting work on features for 90 days to focus on security fixes as hackers crash video chats and harass users, a trolling technique known as Zoombombing.

BBB offers the following information and tips to prevent video hijacking.

How Zoom-bombing works

Video hijacking attempts occur when conferences are hosted on public channels shared over the internet via URLs, making them accessible to anyone. Hijackers can sometimes guess the correct URL or meeting ID for a public Zoom session, giving them access to the feed.

According to the FBI, there have been two incidents in Massachusetts of Zoom hijackings. One event occurred during an online class using the teleconferencing software Zoom. Unknown individual(s) dialed into the classroom, shouting profanity and the teacher’s home address. The second video disturbance took place when a visible individual on the video camera began displaying swastika tattoos.

Trent Lo, a security professional and founder of SecKC, Kansas City’s longest-running monthly security meetup, tested and exposed Zoom’s security issues. He found that the only meetings that are protected from Zoom Meeting ID auto-dialers are the videoconferences that have set a password.

You can also enable the option:“Embed password in meeting link for one-click join.” This prevents an actor from accessing your meeting without losing the usability of sharing a link to join.

For users organizing public group meetings, BBB strongly encourages hosts to review their settings and confirm that only they can share their screen. This will prevent any outside disruption from the main video feed on a public session.

Users also need to be careful of cybercriminals impersonating video conferencing sites like Zoom, with their goal of stealing your personal information. Learn more of meeting settings and in-meeting actions you can use to prevent Zoom-bombing.

BBB offers the following tips to prevent video hijacking:

Use a unique ID for large or public Zoom calls

When you create a Zoom account, the app assigns users a Personal Meeting ID (PMI). When hosting a large Zoom call where members of the public are attending, it’s better to use a one-time code rather than a user’s PMI. If not, hijackers can use the PMI to try and jump in on your Zoom calls at any time.

Require a meeting password

For those private hosting meetings, password protections are on by default. Keep those protections on to prevent uninvited users from joining. It’s only an option when you generate a unique ID, not when you use your PMI.

Don’t share the unique ID publicly

Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific meeting attendees.

Allow only hosts to share their screen

Don’t let anyone hijack the screen during a Zoom call. To prevent it, make sure your settings indicate that the only people allowed to share their screens are hosts. Navigate to Personal > Settings > In Meeting (Basic) and look for Screen sharing. Check the option that only allows the host to share.

Create a waiting room

When participants log into the call, they see a Waiting Room screen that you can customize. They aren’t let into the call until you, the host, let them in. Hosts allow people in all at once or one at a time, This lets you screen the attendees and if you see names you don’t recognize in the Waiting Room, you don’t have to let them in at all. More instructions for enabling Waiting Room here.

Create an invite-only meeting

If you have Pro, Business, Education, or Enterprise Zoom accounts, enable “Authentication Profiles” settings, so anyone who tries to join your meeting without proper authorization will see a notification on their screen telling them that the video conference is for authorized attendees only.

Lock a meeting once it starts

If you start a meeting and all attendees have joined, hosts can lock the meeting from new participants. During the session, navigate to the bottom of the screen and click Manage Participants. The Participants panel will open. At the bottom, choose More > Lock Meeting.

Remove attendees or put them on hold

Hosts can kick unruly attendees out of a call or put them on hold. To remove an attendee, hover over the name of the person you want to remove on the Participants panel on the right. When options appear, choose Remove. By default, an ousted guest cannot rejoin.To put the guest on hold: During the call, find the video thumbnail of the person you want to put on hold. Click on their video image and select Start Attendee On Hold. Hosts can reverse this action by clicking Take Off Hold in the Participants panel.

Disable the participant’s camera

Hosts can turn off any participant’s camera by opening the Participants panel and clicking on the video camera icon next to the person’s name.

Keep Disable File Transfer settings active

Keep default settings on to Disable File Transfer to limit participants from sharing files, including images and animated GIFs within the chat. Open Settings in the Zoom web app (it’s not in the desktop app). On the left side, go to Personal > Settings. Then click In Meeting (Basic). Scroll down until you see File Transfer and slide the toggle to disable.

Do you want to submit feedback to the editor?

Send Us An Email!

Related Posts

Former Democratic lawmaker John Rodgers to run for lieutenant governor as a Republican

May 29, 2024
By Ethan Weinstein/VTDigger John Rodgers, a former Vermont House and Senate Democrat from Glover, is running for lieutenant governor as a Republican.  “I don’t feel like I left the party. I feel like the party left me,” Rodgers said in an interview Friday, describing himself as a moderate. “I feel closer to Phil Scott than I…

Gov. Scott signs budget, vetoes renewable energy standard bill

May 29, 2024
On Thursday, May 23, Governor Phil Scott, as expected, signed the budget bill into law H.833, while vetoing H.289, An Act Relating to the Renewable Energy Standard.  Scott has long voiced his opposition to the renewable energy bill because of the cost and complexity in how the law could be carried out and the ultimate cost…

Gov. Scott vetoes bill that would’ve restricted bee-killing pesticide

May 22, 2024
Staff report On Monday, May 20, World Bee Day, Gov. Phil Scott vetoed legislation meant to protect bees and other pollinators from a widely-used neuorotoxic pesticide. The bill (H.706) would  eliminate most uses of neonicotinoid pesticides (neonics) in Vermont, which have been associated with alarming losses of managed and wild bee populations. Neonic insecticides are used on…

Health premium increases of 16%-19% projected for 2025

May 22, 2024
Vermonters are again facing steep upward premium growth for 2025 due to the cumulative impact of hospital costs, drug prices and state health care policy choices. Blue Cross and Blue Shield of Vermont projects that these trends will continue and will require rate increases of 16.3% for individual health plans and 19.1% for the small group…