Zoom Meetings Hacked? All About Zoombombing and How to Prevent it?

The much in-demand ‘Zoom’ video conferencing application has been in existence for the past decade, but became hugely popular during the global pandemic and lockdown from Covid-19. The escalating surge and interest from giant corporations to startups, and even personal hangouts, everyone is seen switching to this user friendly software in 2020. That should have been the clue for Zoom management to take their platform’s performance and security a notch higher. As we all know, with huge traffic comes huge responsibility. But it looks like the Zoom team is struggling to keep up with this.

Zoombombing, Zoom Video Call Hack, Zoom Meetings Hacked — such comments and headlines soon started spreading across the news and social channels. These incidents have mainly been reported across America and started going around March 30th, 2020.

The cyber-attackers are joining random Zoom video meetings and creating chaos with inappropriate comments, racial slurs, profanity, sharing offensive images, scribbling on screen and more. The issue has garnered interest from hackers, researchers, attorneys, government bodies and even the FBI.

What is Zoombombing?

Since Zoom became a preferred communication channel for businesses and personal use for a huge chunk of the global population, hackers saw it as a potential playground; and their disruptive activities prove just that. These evil agents are gaining access to Zoom meetings, joining in and start upsetting the group members by shouting or doing disturbing activities. Because these are random attacks, the whole agenda seems to be neither productive nor malicious, but simply meant for ‘fun’ or to harm the emotional state of those involved.

But this vulnerability can’t be ignored as it might cost a lot in cases of sensitive information. Say someone sneaked in a large group of people, and eavesdropped on classified information, or manipulated it for blackmail and other hostile methods. People have definitely started to notice this, and it will impact the application’s reputation if not dealt with quickly and effectively.

How Hackers are Zoombombing?

Before we dive in the process behind zoombombing, it is important to understand how hackers plan these attacks. Their mind is constantly finding loopholes and backdoors throughout the internet. So while we can’t completely blame Zoom.us for these activities, they should surely take a more strict approach to their privacy and security structure.

So the basic storyline starts with the Zoom meetings that can be set ‘public’ – this means that anyone can join the meeting with the correct link/ URL. The hackers can easily search for it on Google and social media channels like Facebook or Twitter, as many entities post it on their sites/ pages.

There was even a Reddit forum dedicated to revealing classroom Zoom meeting IDs. Though with recent developments, Reddit has banned it for breaching site policies.

How to Prevent Zoom-bombing?

Zoom CEO Eric Yuan has recently responded to rising security concerns, saying that the team is actively working to resolve these issues, and we should see a positive roll-out in the next 90 days. But that being said, each of us should do our part in staying safe and avoid zoom-bombing experiences. Follow the simple rules below to strengthen your Zoom privacy levels:

  • First and foremost, don’t share your meeting links publicly
  • Rather than using your Private Meeting ID, use an exclusive single-meeting ID, as these are randomly generated links, which brings down the risk factor by a lot
  • Zoom has a ‘Waiting Room’ feature, which you should definitely enable. This gives you a control of who is joining your call and you can deny access for any suspicious user.
    For this go to Account Management > Account Settings > Meeting
  • From the Settings tab, make sure to disable the following actions:
       - Join before Host’ option is disabled
       - File Transferring
       - Remote Control
       - Autosave Chats
  • Disable ‘Screen Sharing’ for users other than host by clicking on the arrow next to ‘Share Screen’, then from the advanced options click on ‘Only Host’
  • You can also lock a meeting after all the required users have joined in

What To Do When Someone Zoombombs you?

Is someone has jumped in to your zoom video meeting, despite of all your careful efforts, then don’t rush to end the call but rather try to regulate the environment with following steps:

  • In a meeting of a larger group, create at least 2 Co-Hosts who can control the permissions and settings just in case
  • Go to the Participants List, and mute all controls at the bottom, so he at least can’t rattle you with an audio

For a more detailed account of Zoom meetings Do’s and Don'ts, you can read the official blog from Zoom, telling us how to stay safe from Zoombombers.