Hackers have been reported to be ‘Zoombombing’ private online video meetings with abusive messages and offensive video footage.
Hertfordshire Constabulary says it has received reports of people’s private virtual meetings on video software, such as Zoom, being crashed over the past week in Watford and Welwyn Garden City.
More people have resorted to virtual meetings since the UK entered lockdown in March, but the county’s police force says there has been an increase of malicious communication offences.
This involves abusive messages and even offensive video footage that has been broadcasted into meetings, police said.
Detective Sergeant Marc Willmore, from Hertfordshire Constabulary’s Safeguarding Team, said: “Many of the online video meeting platforms have security issues that can be exploited by determined hackers. The perpetrators of video-call hijackings are hard to identify and track down, due to the speed of the attacks.”
“For determined trolls, it can be easy to Zoombomb a meeting; they can research online for unprotected meeting links, which are often posted on social media or chat forums.
“There are some easy changes you can make to settings before your meeting begins that will allow you to reduce the likelihood of intrusion by uninvited guests, and generally bolster your privacy overall.”
Police have now issued security advice around online video meetings following the uninvited break-ins to meetings.
This includes:
• Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.
• Share your meeting ID privately, do not post it to social media such as Twitter or Facebook or open forums where anyone can find the ID using simple searches.
• Create an Invite-Only Meeting (this feature is for paid Zoom accounts only). This means the only people who can join the call are those you invited, and they must sign in using the same email address you used to invite them. It gives you much more assurance that people are who they say they are.
• Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. When participants log into the call, they see a Waiting Room screen and can't get into the call until the host lets them in. You can let people in all at once or one at a time, which means if you see names you don't recognise in the Waiting Room, you don't have to let them in at all.
• Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure). Then disable screen-sharing for non-hosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats.
• Once the meeting begins and everyone is in, lock the meeting to outsiders and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting.
• Sometimes an unruly participant manages to slip through the cracks. As the meeting host, you do have the power to kick someone out of a call or put them on hold. To kick someone out: During the call, go to the Participants pane on the right. Hover over the name of the person you want to boot and when options appear, choose Remove. By default, an ousted guest cannot rejoin.
If you need to report abusive behaviour to Zoom you can do this during a meeting or by email.
If you are concerned that an offence has been committed, call 101.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here