In a time of indefinite self-isolation and social distancing, video conferencing app Zoom has evolved from a novel technology to the lifeblood of our day-to-day communication almost overnight.
But, on Monday, the Federal Bureau of Investigation issued a public warning that Zoom (as well as other video conferencing tools) might not be as secure as we’d thought. The FBI warning came after a series of hacking incidents, cleverly referred to as “Zoom-bombing,” struck Zoom users nationwide recently.
Essentially, trolls were having a flipping field day, bursting into virtual conferences and screen-sharing hardcore porn, racist epithets and even Nazi symbols in the middle of work meetings, online classes, religious services and family calls.
In one incident, a high school in Massachusetts saw an uninvited person show up during a Zoom class and display swastika tattoos. Another school in the same state reported an online class disrupted by someone screaming profanities and then yelling out the teacher’s home address.
In fact, this week I had a first-hand taste of Zoom-bombing myself.
Since all live performances are shut down amid the pandemic, last night I produced one of my regular comedy events online. It seemed like an innocent thing at first, until a couple of minutes in, all the screens were suddenly taken over. A bong-smoking man appeared on screen out of nowhere. Then, hardcore pornography was pinned to the center screen, as racial expletives became a cacophony of irritating noise. (To make matters worse, Zoom’s “mute all” function suddenly had zero effect.) And women participants were being yelled at to show specific body parts.
It was like a zombie attack. What was intended as a fun-loving comedy show suddenly became a crash course into the vile concept of Zoom-bombing and ended with me pushing the “eject” button and abruptly closing the session. The trolls won.
So, what did I do wrong? And what can you learn from my grave mistakes?
First of all, it’s easy to Zoom-bomb a meeting. (I’m saying that not as an encouragement, but a cautionary tale.) A lot of us share meeting links on public forums. In some cases, a simple Google search for URLs including “Zoom.us” can lead trolls to unprotected conference links. In the case of my comedy show, me sharing the show link to open social media sites led hackers to pin hardcore pornography to the main screen of my broadcast.
Therefore, you should always make sure that your Zoom meeting links are protected. Go to the backend of your Zoom account and check your security settings. Make sure to use “per-meeting ID” for group conferences (never use “personal meeting ID”) and enable the “Waiting Room” feature so you can see who is entering your meeting. Then, set your screening sharing options to “Host Only.” You can also lock the meeting once all your participants have arrived.
In the case of live streaming entertainment events, which the general public is encouraged to attend, be sure to create a secondary link strictly for viewers. One way you can do this is by feeding your Zoom broadcast to such live streaming platforms as OBS and then feeding it out to more secure platforms like Twitch or Facebook Live. Another method is to make your Zoom event a webinar, where only those invited as participants can interact.
The bottom line is, do your homework first to ensure that your Zoom call with grandma won’t be interrupted by unknown trolls screaming profanity. It’s the Wild West out there, and we are in this together.