Security

‘Zoombombing’ and tips for preventing it

Fields marked with an * are required

Subscribe to our newsletter

Updated 31 March 2020

In recent weeks, as the world reels from the effects of social distancing due to the COVID-19 outbreak, we have witnessed a significant uptake in the use of tools like Zoom. So along with the fantastic way technology has risen to the challenge comes some problems, which seems to be a regular occurrence in the tech space, and we’re seeing a rise of cyber trolling or criminal activity.

There have been many cases of ‘Zoombombing’ reported in recent days, which is the simple act of trolls or users entering a Zoom Meeting ID and joining into an open meeting and then broadcasting very confronting sexually explicit content to the meeting. This content is broadcast by the user’s webcam or through screen sharing.

The Zoom platform has an inbuilt function to prevent this from occurring and therefore, increasing the control we have for securing our meetings.

By setting up the password protection function by default, Zoom can limit a meeting to only allow those invited with the password.

Zoom Admins can enforce this useful security measure at an institutional level, mandating password for all meetings.

Zoom released an enhancement on 26th March 2020 that will default screen sharing by host only instead of all participants in a meeting. This will prevent ‘Zoombombing’ by screen sharing.

Enable Host Only Screen Sharing

This setting gives the host of meetings sole permission to screen share content within the meetings by default.

Enable Host Only Screen Sharing Screen Shot

If the host would like to give permission to participants to screen share, the host can enable it during the meeting. This is done by clicking on the arrow to the right of the Screen Sharing icon, selecting Advanced Sharing Options and then selecting All Participants.

Zoom screen sharing screen shot

Advanced options for Zoom screen sharing screen shot

Zoom Settings to Control Passwords

In the Zoom Account Settings you will find the following password controls. Zoom Admins can enforce passwords for all existing, recurring and future meetings:

This is what a Zoom Admin will see:

Zoom admin view of password setting

This is what a Zoom User will see:

Zoom password settings for new meetings

Enable Waiting Room

Meeting hosts can control who enters the Zoom meeting. The Waiting Room feature allows the host to control when a participant joins the meeting. As the meeting host, you can admit attendees one by one or hold all attendees in the waiting room and admit them all at once.

To enable this, go to your Account Settings to turn on Waiting Room.

Lock Meeting

Meeting hosts can lock the meeting to prevent anyone new from joining. The host can find this under Manage Participants->More->Lock Meeting

Lock meeting screen shot

Join Before Host Controls

Also, it is good practice to ensure connections cannot be made before the host joins. If you enable participants to join before the host, anyone can join anytime and fraudulently use the meeting space for other activities.

Zoom join before host settings

Publicly sharing a Zoom Meeting ID/URL is also not advisable as this provides options for compromise of the session or fraudulent use.

More information:

Authors: Dave O’Loan, AARNet Cyber Security Specialist and Paul Hii, AARNet Collaboration Portfolio Manager

Disclaimer: this is general advice only and is not intended to be address individual circumstances. Each person should conduct their own evaluation of security and privacy considerations of using any product.


Related Stories

Security / Services

Apr 30, 2020

AARNet’s response to Zoom security and privacy issues

      Online safety and privacy is extremely important...

Security / Services

Feb 13, 2020

AARNet receives AustCyber funding for cyber security project

AARNet is pleased to be one of the 17 recipients in the latest round of AustCyber funding for industry-led projects, announced today by the Minister for Industry, Science and Technology, the Hon Karen Andrews MP. The AARNet project is developing...

Security

Oct 8, 2019

Reverse the threat of cybercrime this Stay Smart Online Week!

This week (7 -11 October) is Stay...

Security

Nov 26, 2018

How to defend your university against top cyber security threats

With cyber security a growing issue, creating...