As the pandemic forced everyone indoors, the world quickly transitioned to video conferencing services like Zoom and Google Meet. Soon thereafter, the trend of zoombombing started. The term describes internet trolls who join online meetings to disrupt and harass participants.
Meeting services have come up with ways to fight the interruptions. A new research paper finds that most of them are not good enough.
One of the most common ways is launching password-protected meetings or using waiting rooms to vet people before they can be allowed to participate. Sometimes participants are counseled to not post meeting links in public forums.
The problem with these approaches is that they make wrong assumptions about the threat. One of the common assumptions is that harassment is organized by outsiders who have no way to access meeting details.
Research conducted at the Boston University and the State University of New York at Binghamton studied zoombombing calls posted on social media for the first seven months of 2020. The findings show that it is not outsiders in most instances.
In a paper titled ‘A First Look at zoombombing,’ the researchers say that findings show a vast majority of zoombombing isn’t done by brute-forcing or stumbling upon the meeting ID.
It is the insiders
The results show that insiders with legitimate access, especially high school and college students, are responsible for the attacks. The insiders are responsible for orchestrating the attacks, making the existing countermeasures ineffective.
Based on what they observed, the researchers argue that the only effective way to prevent zoombombing is by assigning each participant a unique joining link that cannot be used by another person.
With the continued use of video conferencing, functional solutions for these problems are inevitable.