Zoom privacy: A guide for ZoomBombing

Chris Burns - Apr 1, 2020, 5:02 pm CDT
0
Zoom privacy: A guide for ZoomBombing

The video chat app Zoom isn’t private by default. You’ve got to do a few things before your Zoom meeting is secure. You’ll need to make sure you’re not downloading a malicious bit of software. You need to make sure you’re not sharing your room name. You’ve got to tap a few buttons and follow a few rules – and it CAN BE relatively easy to make certain you’re entirely safe from negative elements like “zoombombing” or “zoom-bombing”.

Malicious parties are using the popularity of Zoom to target people who might not normally use video chat software… or any other software, for that matter. They’re targeting your co-workers, friends, and relatives that you wouldn’t be surprised to hear say “I’m not good with technology.”

They’ve created malware that poses as official Zoom software. They’ve crafted emails with links to webpages that look like Zoom’s official webpage. They’ve found ways to drop in on Zoom chats without being invited. All of this SHOULD be easy to avoid.

FBI warning

Yes, there was an FBI warning about Zoom. Per our report from earlier today, the FBI issued a warning for potential Zoom users. This warning let it be known that Zoom is not particularly secure by default. Much of what they suggested for security is included below.

The right apps

Do NOT download any ZOOM apps from any 3rd-party sources. The webpage where you’ll find all the official apps is Zoom.US/download. That’s the official Zoom homepage, where they list links to the apps they’ve made.

Do not download any Zoom app from an email, do not load Zoom from any source other than the Google Play app store (linked via Zoom, above), the Apple app store (linked via Zoom, above), or if you’re on a desktop machine – straight through the browser, or with the apps provided by the link above.

You’re being recorded

ALSO NOTE: If you’re in a Zoom meeting, you could be being recorded. In the upper left-hand corner of your Zoom chat window, there’ll be an indicator that’ll let you know. Any user can download all chat logs from the meeting as they’re exiting the meeting – that includes only the text they’d have otherwise been able to see during the meeting.

Use a password

When you create a Zoom room, set it so it requires that participants enter a password. Do not create a Zoom room that does not require a password. The generation of Zoom room names is such that a random individual can potentially enter if a password is not set. You can avoid random drop-ins by setting a password for the room.

Above you’ll see the settings you’ll want to roll with if you’re initiating a meeting. If you’re the host, you’ll want to select your own meeting name – select the number – and set a password. These elements are super simple to edit, and essential to ramp up security.

Disallow sharing by participants

See the settings listed below – you’re going to want to make sure you’re disallowing wild sharing by random participants. This should further act to stop Zoombombing – if all other measures fail.

Do not share in public

Do not share screenshots of your Zoom chatroom. These screenshots can contain information that’ll allow malicious parties to enter the room without your authorization. This can also be mitigated by setting a password for the room – but still, do not share screenshots of your Zoom room.

Also avoid sharing the name of your Zoom room – or invites, for that matter – in public. Share your Zoom room invite in an email, or over more secure chat apps, from you to one person. One person to another person – not via mass email lists. The more people with whom a Zoom invite is sent, the higher the chance is that this invite will be shared (intentionally or unintentionally) with individuals who weren’t invited in the first place.

Try something else

Try Microsoft Teams, Hangouts Meet, Zoho Meeting, or GoToMeeting. You could try Cisco Webex Meetings (or see Slack), LifeSize, GlobalMeet Collaboration, or BlueJeans. There is no perfect solution – but there are definitely more solutions than just Zoom!


Must Read Bits & Bytes