Zoombomb

Video conferencing platform Zoom has been crowded with the spread of the Covid-19 pandemic and the adoption of social distancing measures.

Criminal cyber activity has grown alongside Zoom’s burgeoning user base. By far the most common issue for those attending virtual meetings is something called “Zoombombing,” where rowdy meeting crashers create chaos during meetings, letting loose a barrage of NSFW chat messages and porn imagery via Zoom’s Screen Share feature.

The spread of Zoombombing is captured in the name. Zoom’s lax default security settings allow meetings to be conducted via publicly accessible URLs, and Screen Sharing is enabled for all attendees by default, and the way to turn that feature off requires both knowledge and a few time-consuming clicks. Worse, meetings can start without a host, the only person with the ability to block invaders and turn off the default Screen Share function. 

To protect against Zoombombing, follow these precautionary steps. (Note: The settings and locations for options can vary based on the version of Zoom used as well as the device and operating system):

  • Disable Screen Share by default: Disabling this feature blocks users from sharing videos and graphic imagery and can be found in-meeting under Share Screen > Advanced Sharing Settings. The control for this is located next to the Screen Share button on the web version.
  • Assign a co-host to your meeting before it starts to help moderate: Zoom allows hosts to create a “co-host.” If you get zoombombed, two defenders are better than one since the meeting crashers need to be removed individually.
  • Lock meetings once all anticipated attendees have logged on: This feature can be found under the “more” menu next to the participants button.
  • Disable “File Transfer”: There have been instances of Zoombombers sending malware to attendees. Disabling file transfer can block a potential cyberattack.
  • Disable “Allow Removed Participants to Rejoin”: Found under the Settings menu in the Zoom web portal, this option blocks unwanted attendees from rejoining after being ejected from a meeting.
  • Disable “Virtual Background”: Virtual backgrounds allow attendees to protect their privacy or personal details in their home offices, but have also been abused to display disturbing and graphic content. This feature can be disabled under “Account settings” in the Zoom web portal.