April 08, 2020
As more of the world rightfully takes social distancing measures to slow the spread of COVID-19, the audience for the Zoom video conferencing app has expanded tremendously. As with all sudden rapid growth of digital social spaces, this expansion has revealed new platform vulnerabilities and opportunities for bad actors to take advantage of those vulnerabilities. ADL has been tracking the prevalence of “Zoombombing” over the last several weeks -- where bad actors join public video calls and engage in disruptive and sometimes hateful and harassing behavior targeted against participants on a call.
ADL is providing support for the public to protect themselves from Zoombombing and has been providing Zoom with feedback on improvements to the product to address these vulnerabilities on their platform and give users more control in protecting themselves.
This morning Zoom released an update to their product responding to these concerns that ADL and others have raised. Let’s jump in to help you to protect yourself and your meetings:
Along with some under-the-hood security settings, Zoom’s new update for Mac and Windows provides a security icon in the control panel of a Zoom call’s host. This security icon centralizes a number of features of Zoom and makes it easy for a host to take action to protect against Zoombombing -- even while a meeting is in progress.
Updating the software to the latest version
Open up the Zoom app. In the top right corner of the app there should be a little square with the initials of your username and a little green dot. Hover over the square with the green dot and you will see the menu pictured above. Find the “Check for Updates” option and click it. If you’re using a Mac, you can also click on the “Zoom.us” menu on the top left of your desktop, and click on “Check for Updates”.
This will lead you to the installation screen pictured below.
Click “install” to install the update.
What does the update do?
Once you have the update installed, you will be able to see the “Security” button in the middle bar of your meeting’s control panel, as seen below.
There are several options on the new security button to help protect and defend your Zoom call.
- Lock Meeting
- This option will make it so that no additional people beyond those currently on your Zoom call can join your call, even if they have a public link to join. You want to keep this unchecked until your meeting is in progress - otherwise people can’t join!
- Enable waiting room
This option will make it so that when people join your call they will be put in a queue to be admitted to the call by the host, rather than being immediately allowed to join. We recommend making this option CHECKED.
- Allow participants to:
- Share Screen
- This will toggle on or off the ability for users to share what they are currently looking at on their computer screen with the other attendees on the call. We recommend making this option UNCHECKED.
- This will toggle on and off the ability for users to type in communications to other participants on the call using the chat feature. We recommend making this option UNCHECKED for maximum safety, but we recognize that many meetings benefit from having chat turned on. However, if you are zoombombed, you can immediately turn off chat while the meeting is in progress.
- Rename themselves
- Share Screen
This will toggle on and off the ability for users to change the name that their Zoom window presents to the other users on the call. We recommend making this option UNCHECKED.
While there are other concerns that Zoom will need to address in order to make their platform safe, respectful and inclusive for all people as they continue their unprecedented growth, this update is an important step. These updates, if they function as intended, will provide quicker access for users to some of the basic security measures on the platform, and will likely ensure greater safety for users from Zoombombing.
A reminder if your meeting is Zoombombed
Even with all of these vigilance measures, your meeting may still be vandalized. If so, ADL has a detailed blog post on what to do, but here’s a handy checklist:
1. Start recording your meeting. This allows you to collect evidence of the perpetrators and what they are doing before you kick them out. Click on the “Record” button at the bottom of your screen, see below:
2. Lock the meeting, using the security icon
3. Kick off the Zoombombers from the Participants icon, just to the right of the security icon.
4. Take a deep breath, and resume your meeting! Keep an eye on your waiting room , as the Zoombombers may try to get back in, but you now have control over who gets in to your meeting.
5. When the meeting is over, report the incident to the FBI and to ADL’s incident tracker, and keep a copy of the recording for forensic usage later. This will help law enforcement to track down and apprehend the perpetrators.