Many publications, Ars included, have also provided posts explaining how meeting organizers can prevent zoombombing. Advertisementįurther Reading Security tips every teacher and professor needs to know about Zoom, right nowThe outrage that events like these cause has prompted online meeting services to adopt measures designed to counter the harassment. The researchers reached their findings by analyzing posts on Twitter and 4chan. Based on these observations, we argue that the only effective defense against zoombombing is creating unique join links for each participant. We also find instances of insiders instructing attackers to adopt the names of legitimate participants in the class to avoid detection, making countermeasures like setting up a waiting room and vetting participants less effective. This has important security implications, because it makes common protections against zoombombing, such as password protection, ineffective. Our findings indicate that the vast majority of calls for zoombombing are not made by attackers stumbling upon meeting invitations or bruteforcing their meeting ID, but rather by insiders who have legitimate access to these meetings, particularly students in high school and college classes. In a paper titled A First Look at Zoombombing, the researchers wrote: Researchers at Boston University and the State University of New York at Binghamton studied zoombombing calls posted on social media for the first seven months of last year and found that wasn’t the case in most instances. One common assumption, for instance, is that the harassment is organized by outsiders who weren’t privy to meeting details. The problem with these approaches is that they assume the wrong threat model. The most commonly used countermeasures include password-protecting meetings, using waiting rooms so that conference organizers can vet people before allowing them to participate, and counseling participants not to post meeting links in public forums. Meeting services have adopted a variety of countermeasures, but a new research paper finds that most of them are ineffective. That, in turn, gave way to "zoombombing," the term for when Internet trolls join online meetings with the goal of disrupting them and harassing their participants. As the COVID-19 pandemic forced schools, colleges, and businesses to limit in-person meetings, the world quickly adopted video conferencing from services such as Zoom and Google Meet.
0 Comments
Leave a Reply. |