KYLIEBYTES: ‘Zoombombing’ is the newest cyber attack. Was Sac State prepared?
User settings make attacking online classrooms easier than ever
March 31, 2020
I’m Kylie Robison and this is KYLIEBYTES, a column where I talk about technology and its impact on society. Follow me on Twitter @kylie_robison for more.
Zoom has become a household name overnight, with schools and businesses across the country implementing this new technology in the face of a serious pandemic.
As we overcome social distancing obstacles by using technology, we must also conquer the serious security problems that arise with Zoom.
The newest complication is called “zoombombing,” where unauthorized users enter Zoom meetings and disrupt by yelling profanities, displaying shocking imagery and more. We rely on this platform for the continuance of our curriculum this semester, so vetting the software for security concerns should have been our top priority.
As a student at Sacramento State, and as a management information systems major, I’m not at all surprised by this interaction between students and sensitive technology.
My classes seem to have lost a point, and many are distracted by the application’s custom background settings. It’s difficult to make people in their 20s take anything seriously — online classes aren’t an exception.
The only way to access a class Zoom lecture is to use the link or ID number provided by the host, in this case, the professor. There are other reported instances of users accessing meetings by “guessing” the meeting ID, which all-in-all, is unlikely. ”Zoombombing” likely requires two parties, a person committing the attack and a person giving them the link.
Preventing this attack is simple, but it requires professors to change their settings. As many of us have experienced already, professors are struggling to get the hang of Zoom. And to be fair, Zoom’s interface is not entirely user-friendly, especially to those who might be computer illiterate.
Professors have a variety of settings they can apply to their account to inhibit ”zoombombings.” Thankfully, the Information Resources & Technology department sent out an email to faculty containing a step-by-step Youtube video of how to deter these types of attacks.
Story continues below video.
It can easily be difficult to keep track of potential dangers with the sheer amount of daily users IRT is currently seeing on Zoom. Mark Hendricks, Interim Vice President & Chief Information Officer at Sacramento State, said that, accounting for all participants in all Zoom meetings for Sac State, video meetings were accessed around 150,000 times for the entire month of March.
Story continues below graph.
It’s clear our school’s IRT Service Desk is doing its best to juggle unexpected issues that arise from this pandemic. They’ve opened Parking Structure V for access to campus wifi Monday through Friday, and allowed free laptop loaners through the end of the semester. With such a short amount of time, I can appreciate what they’ve accomplished for their students.
RELATED: Sac State offers ‘drive-in wi-fi’ amid coronavirus-induced online classes
Hendricks also indicated that “during the break in instruction, more than 1,867 faculty and staff attended Zoom and Canvas webinars, and the recorded sessions were viewed by almost 1,000 people.
I’d love to say that those meetings translated to online classes, but Hendricks noted that Sac State has already seen an incident of ”zoombombing“ within the first week of online instruction, but IRT is “taking steps to communicate with faculty and staff about this disturbing behavior.”
I’m sympathetic to the difficult circumstances, as someone who currently works in I.T. during this epidemic, but showing hosts how to secure their online classrooms should have been a priority before deploying it to the entire school. It isn’t impossible to see a security issue like this coming, and I shouldn’t have to worry about my safety as a student when attending a class online.
It’s not a matter of how much time they had, but how much time Sac State decided to give faculty to move fully online. Professors who have never used the Zoom platform are now being forced to completely reformat their curriculum for online use. Our college education is more important than any time or money that could have been lost better preparing faculty for these security issues.
Our school neglected to prepare professors of these dangers before Zoom was put to use, which risks the education we paid for. Just as we saw with the Iowa Caucuses, quickly implemented software can put entire organizations at risk. It’s unfair to students and faculty alike.
Kylie Robison • Apr 7, 2020 at 3:17 pm
@Aka Geek Girl – It is unlikely for your average user to guess a meeting ID without access to advanced technology.
aka Geek Girl • Apr 6, 2020 at 2:18 pm
“There are other reported instances of users accessing meetings by “guessing” the meeting ID, which all-in-all, is unlikely.” Sorry, but this is patently false.
“An automated tool developed by security researchers is able to find around 100 Zoom meeting IDs in an hour and information for nearly 2,400 Zoom meetings in a single day of scans, according to a new report from security expert Brian Krebs.”
https://www.theverge.com/2020/4/2/21206061/zoom-meeting-id-zwardial-automated-tool
It really is that trivial.