High-profile incidents of Zoom hacking are prompting area educators to lock down the teleconference platform to protect users.
With classes moving online, teachers are using the popular video platform to run classes and lectures. Government agencies, businesses and houses of worship have also used the program to run meetings and services in response to social distancing measures to curb the spread of the coronavirus.
But security issues made the program vulnerable to bad actors calling in to meetings and posting obscene videos and images, as well as threats and crass language in the program’s chat function. While Zoom in recent days has added new security measures, agencies are also taking precautions to ensure users are protected from so-called “Zoombombing.”
“Now, with all these people moving online — all sort of Zoom newbies — it’s become this huge target,” said Mike Caulfield, Washington State University Vancouver’s director of blended and networked learning.
Donna Sinclair knows the realities of “Zoombombing” all too well. The adjunct history professor at WSU Vancouver was running a guest lecture April 2 with Gloria Brown, the first African American woman to hold the position of forest supervisor at the U.S. Forest Service.
Early into the presentation, people began posting violent and sexually explicit videos, as well as using racial slurs.
“They took over the meeting,” Sinclair said. “I don’t know how. It was sudden and violating, and we couldn’t make it stop.”
Caulfield said publicly available Zoom meetings are vulnerable to hackers who either spot that they’re occurring or use software to try to access randomly generated web addresses.
“For certain things, you want this openness,” Caulfield said. “That openness can be a vulnerability.”
In response to security concerns, WSU added new default settings to all classes, including putting passwords on classes and requiring participants to be registered Zoom users. Caulfield also said the program’s waiting room function, which forces the host to approve all participants, can be effective but is a challenge with large lecture classes.
“We’re trying to figure out the best way to set up … these classrooms to make sure they’re protected but also make sure they’re manageable for faculty,” Caulfield said.
K-12 school districts haven’t seen the same violations but are taking similar steps to ensure that young students aren’t exposed to “Zoombombing.” Clark County’s largest school districts are using passwords and waiting rooms to add security to meetings, and some teachers are meeting with smaller groups of students in order to better manage connections.
“There are definitely some security settings and precautions you can take depending on the context you’re in,” said Zach Desjarlais, Vancouver Public Schools’ director of instructional technology.
Sinclair, for her part, was lucky. She was able to stop the presentation with Brown, create a second link and push it out to students and a handful of other WSU faculty. Sinclair will be recording future lectures and posting them online, but that comes with a cost.
“They won’t be open to the public,” Sinclair said.