Zoombombing Allows Uninvited Guests to Join a Zoom Session

Zoom is getting some unwanted attention as internet miscreants or mischievous students learn to abuse its open default settings. There have been several reports of “zoombombing,” where uninvited guests join a Zoom session and share offensive content, including reports from universities. For example, the University of Southern California (USC) has had classes disrupted.

The biggest defense against these types of attacks is to avoid public posting of Zoom links where they can be accessed by people outside the Penn community.  This way someone looking to cause trouble cannot join the meeting just by sniffing out the Zoom link with a Google search.

Additional recommendations include: 

For large public or semipublic meetings, disable desktop/screenshare for users

By default, users can share their screen with all participants, allowing a participant to share offensive content with the meeting.  With this default setting disabled, users must be authorized by the host before they can share.

Disable File Transfer

Unless needed, disable “file transfer” to avoid participants passing viruses or other malicious content to other participants. File transfer is disabled by default. In case it is enabled:

  1. Sign in to the Zoom web portal
  2. Click Settings
  3. Navigate to the File Transfer option on the Meeting tab and verify that the setting is enabled
  4. If the setting is enabled, click the Status toggle to disable it
  5. If a verification dialog displays, choose Turn On to verify the change.

You can limit the file type/extensions you plan to share by taking the following step:

Disable Allow Removed Participants to Rejoin

Disable “Allow Removed Participants to Rejoin” so that if a troublemaker is removed from a meeting they cannot simply rejoin. 

If you are the account admin, you can disable "Allow Removed Participants to Rejoin" by taking the following steps:

  1. Sign in to the Zoom web portal as an administrator with the privilege to edit account settings.
  2. Click Account Management and then Account Settings
  3. Navigate to the Meeting tab and In-Meeting (Basic) and switch off the Allow removed participants toggle.

 

Manage Participants During a Zoom Meeting
  • Be careful with Personal Meeting IDs and links: a shared Personal Meeting ID or personal link can be used to rejoin the same meeting room later, which may be unwanted.
  • Lock Meeting: To prevent new participants from joining a meeting, the host can lock the meeting after the attendees have arrived:
    • Click More at the bottom of the Manage Participants window.
    • Select Lock Meeting.
  • Mute unintentional background noise and stop disruptive video: The host can mute an individual participant's unintentional background noise:
    • Click More next to the participant's name in the Manage Participants window.
    • Click Mute.
    • For disruptive video, follow the same steps as for muting background noise, but instead of clicking Mute, click to stop the participant's video.
  • Block annotations to prevent participants from using annotation tools to add information to shared screens.
Consider Using Meeting Passwords & Limit Reuse of Access Codes
  • Meeting passwords can be employed if there are challenges in restricting access only to the intended participants.
  • Limit reuse of access codes: if you've used the same code for many meetings, others will have access to your meetings using the same passcode. 

 

Disable "Join before host" in your Personal Meeting Room

If you use a Personal Meeting Room, a good place to start is disabling the “Enable join before host” option. This prevents others from using your Personal Meeting ID without you. To adjust this setting, follow these steps. [1]

  1. Navigate to meeting settings in the Zoom web portal.
  2. Click Personal Meeting Room.
  3. Scroll to the bottom of the page and click Edit this Meeting.
  4. Deselect Enable join before host.
  5. Click Save.

[1] Steps were borrowed from Stanford University IT at https://uit.stanford.edu/service/zoom/meetingsecurityguide

Resources

Zoom: Managing participants in a meeting 

ZD Net - "How to prevent Your zoom meetings being Zoom-bombed (gate crashed) by trolls"

The New York Times "Troll Terrifies Public Zoom Meeting by Sharing Highly Disturbing Video"

Stanford University How to Protect Your Zoom Meetings

© 2021 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104