Zoom "Bombing" Trend
With the rise of Social Distancing and Shelter-In-Place, people are finding inventive ways to stay in touch. One of these ways is public ‘gatherings’ via Zoom. Because the invites are open to the public and meant to draw a crowd, the meetings often lack basic protections. The links are publicly available, and the sessions are not password protected. This makes those sessions vulnerable to hijacking or ‘bombing.’ (Someone joins with malicious intention to disrupt the gathering/meeting.)
In general, this should not be much of a problem as our links are not widely/generally available, and in 2019 ZOOM took steps to mitigate the ability of malicious actors ‘hacking’ sessions by guessing or brute forcing session-IDs.
If you would like to add additional protections to your meetings, please consider the following features:
- Password protect meetings and securely share the password with participants
- Enable a waiting room (the host grants access to the meeting)
- Use the Only Host Can Share their Screen setting
- Ensure Allow Removed Participants to Rejoin in turned OFF
Settings can be found in the ZOOM web portal under Settings\Meeting.
For more information please visit:
https://it.arizona.edu/documentation/zoom-security-options
Thank you,
Information Security Office
THE UNIVERSITY OF ARIZONA