As Zoom booms during pandemic, harassment, security issues arise
What "Zoombombing" is and how to prevent it during online meetings.
As businesses and schools cease in-person work and learning, online meeting platforms like Zoom have become a popular replacement.
Zoom is a video application platform in which people can connect with others through video or audio. But meetings on Zoom have been susceptible to raids, where any number of people join the meeting and interrupt by playing offensive material. These raids are called "Zoombombing."
Like many business owners, Maple, Wisconsin, resident Chad Thompson, owner of Pasha Lake Cabins in Ontario, is searching for more information on how to weather the coronavirus pandemic. So he joined a Tourism Industry Association of Ontario Zoom meeting to do just that.
But the meeting was Zoombombed, during which the raiders played pornographic videos and yelled expletives.
"You go from this duration where you have information that's potentially super important to your business ... for our livelihood. And then, all of a sudden, you start watching gay porn," he said. "You can't even wrap your head around that transition."
For others, Zoom has been a positive experience — one that has brought their staff closer.
Dan Hartman, director of the Glensheen Mansion in Duluth, said staff are now meeting more frequently and are going out of their way to entertain one another.
"I think it's really been a bigger showcase than it ever would have normally (been) because people are craving this one-on-one human interaction," Hartman said. "When I meet with people, you can see people are more excited for a digital meeting than they ever would have before,"
Hartman said he isn't majorly concerned about Zoom security, as most of their work is public already.
Jason Davis, the chief information officer for the University of Minnesota Duluth's information technology systems and services department, said that he knew of four instances in which Zoombombing had occurred during classes or student clubs at UMD as of Friday and 10 total instances of it occurring across the whole University of Minnesota system.
"At UMD the way that manifested is somebody bumped into a class and started talking or saying things that were like a prank to hijack the class," Davis said, adding that the known instances of cyber attacks within the U of M system didn't rise to the disparaging levels other reports from around the country have.
In some of the cases, Davis said IT staff have been able to trace the cyber attack to an outside person who got access to the Zoom link that was shared in an online chat group.
"Most students wouldn't want to do that because they're subject to the student conduct code and they're identifiable," Davis said.
He noted that the security issues and disruptions Zoom is facing isn't uncommon in the world of new technologies. Rather, it's accelerated with so many people just now starting to use Zoom and Davis said the company is responding to issues in just a few weeks that most software companies deal with over a much longer period of time.
"They have been really good about responding to these issues and pushing out updates," Davis said.
Since Zoom was set up to be user-friendly and easy to use, the default settings were really open, Davis said, making it easy for anyone to join a meeting. With the recent influx in Zoombombing, the software company has since changed some of those default settings, including adding a security button featured on the interface that allows hosts to lock the meeting so no one else can join.
That feature was included in a Zoom update that was launched Thursday morning, which is why Davis also recommends people install the new updates when they come out. To prevent Zoombombing, Davis also recommended not sharing the meeting ID broadly or publicly and to always use passwords for meetings.
In addition, meeting hosts should require participant authentication that requires a Zoom username and password. It's also possible to utilize two-factor authentication, which requires participants to punch in a generated code sent to their mobile device.
"If you don't turn that on, anyone can click on the link and join your meeting," Davis said. "And that's where most of those who are robbing us come from."