ZoomBombing?! How Can You Protect Your Zoom Meeting from Attackers?


During the epidemic, many people have used video conferencing programs to communicate with friends and relatives or to support Work From Home (WFH), but these programs have been alleged to have privacy issues, and meetings have been invaded by unknown people. Among these video conferencing programs, Zoom stands out as the more popular choice. Average daily downloads of its application in the Apple Store have increased from more than 50,000 two months ago to over two million recently, making Zoom the most downloaded video conferencing app. Even the UK Prime Minister used Zoom when he met with the Cabinet.

Zoom was founded in 2011 by Yuan Zheng, a Silicon Valley software engineer who immigrated from China to the United States. The company went public last year with a market value of $16 billion, which has since risen to more than $40 billion. One advantage of Zoom is that it can accommodate 100 people at the same time for free and lets users switch the conference background. It also has many personalization tools, such as screen sharing, recording, and holding encrypted private meetings. However, it has also been found to have many privacy issues. For example, conference administrators have been accused of having excessive power: they can see participants’ IP addresses, location data, device information, etc., and can monitor whether participants are concentrating on the meeting.

In the past, people have used Zoom’s screen sharing feature to inundate other viewers with graphic videos, pornography, and other NSFW content from across the internet. That’s what we call Zoombombing. Some experts believe that Zoom’s technical security against eavesdropping is actually sufficient. Many problems arise because the conference administrator did not set up the conference carefully or chose a password that is too weak, which increases the chance of being invaded. Here are suggestions on how to stop Zoombombing:

  • Generate a random meeting ID: Avoid using your Personal Meeting ID to host public events.
  • Manage your participants:
    • Only allow signed-in users to join: Enable “Only authenticated users can join meetings” in Settings.
    • Lock the meeting: Lock your Zoom meeting to keep out new participants, even those with the meeting ID and password.
    • Require a password: Share Meeting ID in public, but only send a password to join via a direct message.
    • Remove disruptive participants: Choose “Remove” under the participant’s name to kick him/her out.
    • Put people on hold or mute them: Try enabling Mute Upon Entry in your settings.
    • Disable video: Turn off someone’s video to block unwanted, distracting, or inappropriate video.
    • Waiting room: Use the Waiting Room feature to stop your guests from joining a meeting until you’re ready.
  • Manage screen sharing: Restrict participants’ ability to share, either before the meeting or during the meeting in the host control bar. Follow the steps below to limit participants’ abilities in your meeting:
    1. To prevent participants from screen sharing, use the host controls.
    2. Click the arrow next to Share Screen, and then Advanced Sharing Options.
    3. Under “Who can share?” choose “Only Host” and close the window.
    4. You can also lock the Screen Share by default for all your meetings in your web settings.
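The checklist above can also be applied as an automated review of meeting configurations before invitations go out. The following is an added example, not code from the original article or from Zoom: the key names are assumptions modelled loosely on Zoom's REST API meeting settings, `who_can_share` is a hypothetical key, and the password thresholds and sample records are constructed for illustration.

```python
import re

# Constructed sample records. Key names are assumptions for this example;
# "who_can_share" is hypothetical and stands for the "Who can share?" option.
WEAK_MEETING = {"password": "1234", "settings": {
    "use_pmi": True, "meeting_authentication": False, "waiting_room": False,
    "mute_upon_entry": False, "who_can_share": "all"}}
HARDENED_MEETING = {"password": "t7#Qm2vLx9", "settings": {
    "use_pmi": False, "meeting_authentication": True, "waiting_room": True,
    "mute_upon_entry": True, "who_can_share": "host"}}

COMMON_PASSWORDS = {"password", "zoom", "meeting", "123456", "qwerty"}  # illustrative
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def weak_password(pw):
    """Heuristic with assumed thresholds: short, common, or one character class."""
    if not pw or len(pw) < 8 or pw.lower() in COMMON_PASSWORDS:
        return True
    return sum(bool(re.search(p, pw)) for p in CHAR_CLASSES) < 2

def audit_meeting(meeting):
    """Return the checklist items this meeting configuration fails.

    Missing protective settings count as disabled, so an incomplete record
    is reported rather than silently passed.
    """
    s = meeting.get("settings", {})
    findings = []
    if s.get("use_pmi", False):
        findings.append("uses Personal Meeting ID instead of a random ID")
    if not s.get("meeting_authentication", False):
        findings.append("unauthenticated users can join")
    if weak_password(meeting.get("password", "")):
        findings.append("password missing or weak")
    if not s.get("waiting_room", False):
        findings.append("waiting room disabled")
    if not s.get("mute_upon_entry", False):
        findings.append("participants not muted on entry")
    if s.get("who_can_share", "all") != "host":
        findings.append("screen sharing not restricted to host")
    return findings

if __name__ == "__main__":
    for name, m in (("weak", WEAK_MEETING), ("hardened", HARDENED_MEETING)):
        print(name, audit_meeting(m) or "no findings")
```
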

LIFARS is now offering Remote Worker Cyber Resilience Service for securing your remote workers. Each service includes a Summary Report of current posture along with remediation guidelines. With our Gap Analysis testing as well as remediation guidance for your remote work cyberinfrastructure, your remote workers are protected from cyberattacks:

  1. Daily T.R.U.T.H.
  2. Quick Remote Access Penetration Test
  3. Remote Worker Device Assumed Breach Test
  4. Remote Vulnerability Access Audit
  5. Remote Worker Endpoint Protection
  6. Remote Worker Workstation Hardening Guidelines


