- With lockdown in place, people are using Zoom app to work from home.
- Zoom-bombing happens when scammers and pranksters take over the control of the main Zoom stream.
- Experts advise that users should lock the Zoom settings to avoid embarrassing zoom-bombing incidents.
As the outbreak of the novel coronavirus continues, more and more physical distancing measures are being implemented by governments, institutions and individuals. With people working from home, video conferencing app Zoom has become top choice for professionals to conduct important meetings and interactions. But as the practice of such meetings grows, so does the abuse of the app.
On Thursday, a press conference called by the Broadcast Audience Research Council (BARC) was infiltrated by uninvited crashers who used the "default open access" settings of the host to get unauthorized access into the virtual press conference and took control of the main panel. The press conference had to be abruptly stopped as the infiltrators doodled around the presentation screen and started playing loud music and porn videos during the meeting. The trend known as Zoom-Bombing, has become a big problem for organizations and individuals who are new to the technology.
Even big corporations and governments are using Zoom meeting for official cabinet meet. UK Prime Minister recently posted pictures of his first digital cabinet meeting on Twitter, soon researcher pointed out a that the Zoom meeting ID was visible in the picture making it vulnerable for outsiders to get access to the meeting. Security analysts point out that these incidents are largely due to unawareness of the users, rather than security flaws of the platform.
Cyber security analysts suggest some basic Dos and Don'ts for your next Zoom meetings, here is an advice from Manan Shah, CEO of Avalance Global Solutions,
1. One should use private mode to stop strangers joining your account.
2. Don't share your public meeting ID with anyone. Do not share these details on websites, emails and do not post screenshot or videos of meetings where your meeting ID is visible.
3. You should set up a password for participants to verify their identity before entering, as it will act as a filter even if the meeting ID has gone public.
1. Do not share control with any other unknown participant. Make sure to check "Host" under who Who Can Share? tab.
2. A two factor authentication should be used to allow anyone joining the meeting even if the participants disconnect and re-join during the meeting.
3. Users should report unauthorized entries to Zoom, so that action against such habitual accounts should be taken.
While Zoom meeting has received most eyeballs in recent times, there are other platforms offering more secure environment. There are number of such apps, including apps from established players like Microsoft, Google, Cisco and others. There are also open source alternatives to apps like Zoom. One of that is Jitsi Meet. In India, there is also an app called LogMeIn. "It's important for users to validate that the videoconferencing or chat system you are utilizing has the right privacy and security practices and controls. We have a dedicated global 24×7 CSIRT (Computer Security Incident Response Team) (that can keep users safe)," Rahul Sharma, MD, India LogMeIn told India Today.