Docs Information Security

Advisory - Zoom "Bombers" and "Raiders" Solicit Meeting IDs

Image Description
Taube, Dan Published on Apr 03, 2020 

Students are being asked to share their Zoom meeting IDs with disruptive individuals.

We want to make the University community aware that further action may be necessary to protect against unwanted and unauthorized visitors to your Zoom meetings.  

"Zoom bombing" can still occur despite instructors following best practices. This is due to private meeting IDs being shared by students.

Due to the massive popularity of Zoom, and the ease at which users can connect to meetings, those that look to disrupt and cause frustration are actively targeting the platform. Meeting hosts must take action and change settings to better protect against this type of attack.

Best Practices for Zoom Meetings

The first thing you should do is review the following two sources of Zoom information compiled as part of the University's Coronavirus (COVID-19) response:

Once you have read those, we strongly recommend you think about enabling the Waiting Room feature for your meetings.

Waiting Room is Strongly Recommended

In its default state, this feature will hold meeting participants until the host admits them. Hosts are able to admit one-by-one or they can admit the entire group of participants in the waiting room. However, you can also enable two additional options that will reduce the management overhead for your meetings.

Co-Hosts Can Admit Participants

Co-hosts for meetings can also admit participants in the waiting room. You can assign others as co-host before and during meetings.

The first option is to change the type of participants to place in the waiting room. By default, this is set to all participants, but you can choose to only place guest participants in the waiting room. Setting this option will allow logged in University members to skip the waiting room.

The second option is to allow internal participants to admit those in the waiting room when the host is not present. Enabling this option would provide logged in University members the ability to admit those in the waiting room.

Not Recommended for Large Meetings

We do not recommend this second option for large meetings. Since there are some cases where participants are sharing meeting IDs, it is possible that they would simply admit those unwanted and unauthorized visitors.

There is one last option for the Waiting Room feature. You can customize the title, logo, and description that will display to those being held in the waiting room. This can improve the experience for those placed in the waiting room. It does not affect the security of your meetings and customization is not required.

Send Participants to Waiting Room During a Meeting

When using the Waiting Room feature with your meeting, you can also send active participants to the waiting room. This is done through the participant list within the meeting.