How to Protect Your Virtual Meetings from Zoombombing

7 Apr 2020 11:10am

Imagine, if you will, you’re participating in a Zoom meeting and, out of nowhere, a participant starts shouting epithets, displaying offensive content, and just generally disrupting your meeting. I don’t know about you, but to me, that sounds like something straight out of a college prankster’s handbook.

Although that might be true, it’s also happening now with Zoom meetings. This trend is called “Zoombombing” and it’s become quite the rage. In fact, new internet communities have started popping up where users go to share Zoom conference codes and request others to connect with the meetings and hurl insults, play pornographic material, and even make death threats against meeting attendees.

This issue has become so rampant that Zoom CEO Eric Yuan has put a freeze on feature updates in order to address the security issues. Zoom promised to address the problem within the next 90 days. As Yuan said, “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”

Another writer for The New Stack, Jennifer Riggins, experienced this phenomenon first hand. She started doing remote dance parties five years ago and recently, because of the current situation, revised the event. She recently created a Zoom meeting and invited some women in tech and parenting communities she’s a part of. She used a Save the Date tool to create a fun, euphoric activity.

As soon as she opened the event, however, she was overwhelmed and confused. Flooding from her computer speakers were so many songs and noises at once. She couldn’t get control of the screen share (even though it was her event) which was displaying a constant barrage of Nazi paraphernalia, porn searches, and mockery of the disabled. To avoid the onslaught, she had one choice — end the meeting.

Zoom promised to secure its web-based video conferencing at the beginning of April. In the meantime, however, countless Zoom meetings will have taken place — some of which might include discussing sensitive company information. The dramatic increase in numbers is due primarily to the COVID-19 pandemic and the global “stay at home” orders being handed down by leaders on various levels. That means, until Zoom arrives at a solution, every meeting you host or attend runs the risk of being Zoombombed.

What do you do?

Obviously, you could use a different platform for your teleconferencing needs. For instance, you could always migrate to the open source Nextcloud Hub and use their built-in Talk feature. Another open source alternative is Discord.

Although an alternative might seem appealing, you will find yourself having to use Zoom at some point. It is, after all, one of the most widely-used teleconferencing platforms on the market. So when your hand is forced, what can you do to prevent Zoombombing?

In some instances, not much. If the information for your meeting escapes into the wild, there’s little you can do to prevent ne’er-do-wells from accessing your event.

However, if you manage your meeting carefully, you can mitigate Zoombombing as much as possible at the moment.

Let me show you what can be done.

Manage your Attendees

The first thing you need to do is keep control over your attendees. If your meeting is small enough, this is simple—chances are you’ll know everyone logged in. If the meeting is large, however, you should take at least one step to prevent bad actors.

When you set up a meeting, there is a configuration option that allows you to mute all participants upon entry. This means they can view the meeting, but not speak. This will at least prevent them from vocally disrupting. To set this option, start your meeting and then click the Manage Participants button. In the resulting window (Figure 1), click the More drop-down and then click the checkbox for Mute participants on entry.

Figure 1: Muting participants upon entry.

You can also click the Mute All button in the Participants management window. To make this actually effective, you’ll want to uncheck the box for Allow participants to unmute themselves (Figure 2).

Figure 2: If you don’t uncheck this box, anyone can unmute themselves and disrupt your meeting.

But what happens if an attendee starts sharing questionable or vulgar content via images? You can always remove them. To do that, locate the attendee in question in the Participant Management window, click their entry, click the More button, and then click Remove (Figure 3).

Figure 3: Removing an attendee from a meeting.

Another way to manage attendees is by way of Waiting Rooms. Because of the rise of Zoombombing, the company announced in a tweet that it is enabling Waiting Rooms by default. What are Waiting Rooms? Simple. When an attendee enters a meeting, they are sequestered into a room separate from the actual meeting. Those attendees wait in that room until an organizer allows them in. This is an easy way to prevent unwanted users from showing up and wreaking havoc.

Locking Down a Meeting

The best thing you can do to secure your meetings is to lock them down. Once a meeting is locked, no new attendees can join. If you opt to go this route, you’ll want to first make sure all in attendance should actually be there. If this is with users you do not know, you can always email them a code and have them share their unique code with you once in the meeting. After you’ve verified everyone in attendance should actually be there, open the Participant Management window, click More (bottom right corner) and then click Lock Meeting. You’ll be prompted to verify the locking of the meeting (Figure 4).

Figure 4: Locking a Zoom meeting.

Once you’ve locked a meeting, you can unlock it by clicking the More button again and clicking Unlock Meeting.
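The per-attendee code check described above can be done by hand, but a small script makes it repeatable. The following Python sketch is an added example, not part of the original article or of Zoom: the function names, addresses and display names are hypothetical, and it assumes the host emails each invitee their code and collects the codes read back in the meeting. It flags unknown addresses, wrong codes, and a code presented a second time (a sign the invite was forwarded).

```python
import hashlib
import hmac
import secrets


def digest(code):
    # Normalise what people type into chat before hashing.
    return hashlib.sha256(code.strip().lower().encode()).hexdigest()


def issue_codes(invitees):
    """Return (codes to email out, digests the host keeps), keyed by address."""
    to_send, stored = {}, {}
    for email in invitees:
        key = email.strip().lower()
        code = secrets.token_hex(4)  # 8 hex chars from the OS CSPRNG
        to_send[key] = code
        stored[key] = digest(code)
    return to_send, stored


def check_roster(stored, presented):
    """presented: (display name, claimed address, code) read back in the meeting.
    Returns (admit, remove); the host removes the second list, then locks."""
    admit, remove, used = [], [], set()
    for name, email, code in presented:
        key = email.strip().lower()
        expected = stored.get(key)
        ok = expected is not None and hmac.compare_digest(expected, digest(code))
        if ok and key not in used:
            used.add(key)  # each code is good for one participant only
            admit.append(name)
        else:
            remove.append(name)  # unknown address, wrong code, or reused code
    return admit, remove


def demo():
    # Constructed sample data: addresses and names are placeholders.
    to_send, stored = issue_codes(["ana@example.com", "raj@example.com"])
    presented = [
        ("Ana", "Ana@example.com", to_send["ana@example.com"].upper()),
        ("Raj", "raj@example.com", "not-hex!"),                    # wrong code
        ("Guest", "ana@example.com", to_send["ana@example.com"]),  # forwarded code
        ("Stranger", "eve@example.com", "deadbeef"),               # never invited
    ]
    return check_roster(stored, presented)


if __name__ == "__main__":
    print(demo())
```

Anyone in the second list is removed through the Participant Management window before the meeting is locked.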

Set a Meeting Password

Zoom also allows you to set a meeting password. You can use this feature for both instant and scheduled meetings, but you must configure it from the web-based portal. Log into your Zoom account and click your profile icon (upper right corner) and click your email address. In the resultant window, click Settings and then scroll down until you see the entries for Require a password when scheduling a new meeting and Require a password for instant meetings. Click the On/Off sliders until they are in the On position (Figure 5).

Figure 5: Enabling passwords for meetings.

To be even more safe, uncheck the option for Embed password in meeting link for one-click join. This means users will have to manually type the meeting password, but it’s better to be safe than convenient.

When you then create an event, and you go to invite people to the meetings, you’ll see the meeting password in the bottom right corner of the invite window.

The one caveat to passwords (and this is a big caveat) is that when you set up scheduled meetings, that password is sent out, in plain text, in the meeting invites. So your best bet, until Zoom gets this issue ironed out, is to only create instant meetings and then share the information out in a more secure manner (such as sending meeting IDs and passwords in separate or encrypted emails).

Nothing is 100% and Zoom meetings are far from it. But with a bit of care and caution, you can avoid getting Zoombombed. These suggestions aren’t foolproof, by any stretch of the imagination, but they are exponentially better than doing nothing.

Feature image by OpenClipart-Vectors from Pixabay.
