Zoom’s video-conferencing software has seen a surge in hacked video calls around the world, with a new phenomenon, ‘Zoombombing’, disrupting unsecured conference calls.
As large numbers of people work from home due to Covid-19, online trolls have begun searching for Zoom calls where meeting hosts have not passworded access or credentials are easily obtainable, and disrupting meetings with either audio or un-expected screensharing of inappropriate material to other attendees.
Zoom’s ease-of-use for beginners and freemium download option have proved popular in recent weeks with the platform surging to over 200 million users – a pattern also seen among similar conferencing platforms from Microsoft, Cisco, Google and others.
Automated Zoom conference meeting finder ‘zWarDial’ discovers ~100 meetings per hour that aren’t protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9Tb
— briankrebs (@briankrebs) April 2, 2020
Cyber security experts have also highlighted the availability of automated Zoom-call hacking tools in the darker corners of the web – able to seek out conference calls without passwords for trolls to exploit.
Most experts believe Zoombombing intruders can be avoided with routine security precautions which should be taken by the host (and co-hosts) of any Zoom meeting.
In particular Zoom meeting hosts have been cautioned to:
- Set a unique, complex password for every Zoom meeting
- Generate a random ID for each meeting, try to avoid using your personal one. Zoom have published a helpful article on how to do this.
- Not share screenshots of their meetings. (Even UK Government Cabinet Ministers’ accidentally publishing shared calls with visible meeting IDs recently. Don’t do it!)
- Avoid sharing meeting IDs on publicly visible social media or websites.
- Disabling screen-sharing rights unless needed via Screen Share > Advanced Sharing Options > Who Can Share?
- Enforcing Waiting Room prior to new attendees being permitted to join the meeting
- Lock Meetings once all attendees are present via Participants List > More > Lock Meeting
For Cybersecurity expertise & IT Support, please contact Lineal today