Conferencing has played a crucial role for businesses, and never more than in the past year. Unfortunately, this has presented the opportunity for trolls to join in these remote collaboration efforts, interrupting them with inflammatory and vulgar content. Labelled “Zoombombing”, these attacks have led to the implementation of numerous privacy protections and countermeasures… but the question remains: how effectively do these protections defend a business’ efforts?
As a study has revealed, not effectively enough.
With the remarkable increase in the use of conferencing as of late, it comes as little wonder that cybercriminals and other miscreants have used it to their advantage. With the popularity of Zoom for personal and professional communications particularly increasing, the phenomenon known as Zoombombing—when a Zoom conference is hijacked by an outside party and bombarded with spammy, offensive content—has had a field day.
Adult videos have been shared, while other unwelcome visitors have been content to simply shout vulgar language and derogatory slurs. Some people have Zoombombed meetings to expose themselves to the participants.
In response, Zoom and other software developers have upped the protections surrounding their solutions, with things like password-protected meeting spaces, requiring participants to be welcomed into the meeting space, and recommending that businesses refrain from publicly sharing their meeting times.
Unfortunately, these efforts are limited in their efficacy by the unfortunate reality that many Zoombombing attacks are enabled by one of the participants working as an insider. By sharing the verified password to the meeting space, one of your users could easily hand out the keys to the castle, and they could share some names so attackers can hide in these waiting rooms.
This is all exacerbated when a meeting has a lot of participants, making these kinds of inconsistencies harder to catch and vetting each participant no longer feasible.
Two words: individual links.
As a disclaimer, not many services have this feature, but one very effective way that this could be remedied is for a conferencing solution to generate a unique access link for each participant. That way, the participant is required to log in, which allows the platform to cross-reference its records and check if that link was sent to the user who used it… as well as helping to identify which user may have leaked their link.
Furthermore, these links would only accept one user to make use of it at a time, meaning that a link in use by your actual user couldn’t also be used by a would-be Zoombomber.
With any luck, more platforms will adopt these options, helping to make conference meetings more secure, and more productive as a result. In the meantime, SCW is here to help you with the rest of your security. Give us a call at (509) 534-1530 for assistance.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!
Tag Cloud
Comments