Zoombombing?

by | Apr 9, 2020 | Tech Tips

Have you heard of the term “Zoombombing”? I’ve had a few friends that are not in tech ask about this, since it’s getting a lot of exposure on the news. If you don’t know what this is , here’s a nice urban dictionary definition:

https://www.urbandictionary.com/define.php?term=ZoomBombing

As I’m not a security expert and definitely don’t claim to be, I’ve gone through my share of tech security exploits at various tech companies I’ve worked at here in the Silicon Valley. As most people are not aware of this, it’s a common issue that any tech company has to address, especially if they’re popular. It’s definitely more exposed when you have a product that goes viral like Zoom has in the past couple of weeks, since hackers love their press!

If you recall one of the last security exploit that was in the news was when the Amazon Alexa got hacked. As these exploits are serious, most companies jump on these issues immediately, fix the security issue, and after time most consumers forget they ever happened.

People are still using Alexa devices. Just yesterday my friend Steve Reynolds owner/winemaker of Reynolds Family Winery while we were shooting an online video went “Alexa play music… Alexa turn volume up…” I also use Alexa in my home :). So obviously the Alexa news didn’t make us stop using the fun devices.

I’ve talked to a few friends that I feel are very familiar with security and tech. I consult with them on any security risks I’m concerned with. And they gave me some great insights.

The 2 common thing you want to do to protect your Zoom meetings are:

  1. Set a password! This pretty much eliminates the security exploit
  2. Don’t broadcast the Zoom meeting ID. Meaning sending out a newsletter that gives out your personal meeting room ID is just inviting a hacker to bomb your Zoom meeting.

As you’re probably aware Zoom has been getting updates almost daily. So they’re doing exactly what I’ve seen when I’ve worked at these companies and most likely have secured the major exploits. Not saying it’s completely secure, but I’m not going to worry about it and I’ll still use Zoom.

Some nice quotes from my friends I talk to on security:

“Don’t broadcast the meeting ID to the rest of the world without doing something more… like saying, “please email us for the meeting password””

“To be fair to them… Zoom was not originally created for what it’s currently being used for, so they’re doing their best to retrofit it now”

“If your meeting ids are simple 9-digit numbers, you can do the math as to how much guessing it takes to hit one if your number of meetings, which starts getting into the millions”

“Everything I have read on the security blogs, simply enabling (or not disabling) meeting passwords protects most of the cases of Zoombombing.”

And to end my blog here’s a nice tech article on Zoombooming that shows a password defeats the security exploit from security experts.

https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/

Happy Zooming!!!

-Paul

Photo by Allie Smith on Unsplash