Update 8 April
- Zoom released a big security update. Get the latest version http://zoom.com/downloads
Update 3 April
Two key changes here:
- Zoom released a big security update to their app on Wednesday 1 April – update to the latest version http://zoom.com/downloads
- They are changing the default settings for passwords and waiting rooms. From a Zoom email:
“We’re always striving to deliver you a secure virtual meeting environment. Starting April 5th, we’ve chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy.”
“ZoomBombing” is This Week’s New Word
Casey Newton and Hunter Walk host a public Zoom call, “The WFH Happy Hour.” A couple of weeks ago, a hacker joined the call and leveraged a weak default setting. The hacker took over the video feed on the Zoom call and played multiple videos that were described as “horrifying sexual videos.” When the hosts tried to block the videos, the hacker dropped out of the call, re-entered as another person, and started the stream again!
I’ve got to say that I was stunned by this. It just doesn’t enter my mind to do things like this. (Which is why I’d be lousy at detecting hacking.)
Zoom is Super Helpful (but Not Super Secure by Default)
Over the years, I’ve used just about every popular collaboration, audio and video app. And I’ve said for the last few years that Zoom really has been crushing the competition.
I love Zoom. Their product is simple to use, and runs well on my phone, my desktop, my laptop and more. I regularly host and participate in video calls that include participants from Europe and South America, and it’s top notch. I recently facilitated a mini-workshop with about 35 people and leveraged Zoom’s breakout room function and have seen good things done with the polling function, too. Good stuff.
That said, there are a lot of things we can learn about these tools. The easier it is to use a feature, the easier it is to HACK that feature, too.
In this case, the hacker took advantage of the default settings, which allowed them to share their screen and to re-enter the meeting after being kicked out. We can close those gaps.
How to Block ZoomBombing (& Still Have Great Zoom Calls)
I’m sure that clever hackers will come up with great ways to exploit ANY system, but if you change these three settings (and a bonus 4th setting) you can make your meetings more secure without making them a lot harder to use.
There are three settings in Zoom you will want to change immediately:
- Block Screen sharing (except for the host)
- Block file transfer in chat
- Block removed participants from rejoining your meeting
1. Log into your account on the Zoom website.
2. Click on your profile picture to pull up your account link.
3. Click on the > symbol on the right side of your screen to get to the larger menu.
4. Click on Settings.
Turn off Screen Sharing
5. Click on Screen Sharing, and set it to “Host Only.” (You can allow other people to be co-hosts, and then they can share.)
Turn off File Transfer
6. Click on File Transfer to disable it, so attendees cannot transfer files that may contain Not Safe For Work (NSFW) content.
Once they are out, keep them out
7. Don’t let them back in. Click on “Allow removed participants to rejoin” (make sure it’s off).
Bonus setting – add more security to your meeting
1. Require a password for your meetings.
Zoom defaults to a fixed number of meeting IDs, and without a password, anyone can guess a meeting ID and eventually drop into yours. Adding a password helps with security.
2. But you’ll want to make it easier to get into the meeting – without having to remember the password. So turn on this option
Here’s hoping your meetings go as planned, without surprises!