Feb 08, 2021 15:00:00

Pointed out that measures against vandalism in Zoom meetings are almost meaningless

Due to the impact of the new coronavirus, people are now using online tools such as '

Zoom ' and ' Google Meet ' to hold meetings instead of face-to-face. However, with the popularity of online tools, there are many so-called 'Zoom bombings' in which malicious people participate in meetings to vandalize and harass people. Although the tool providers have taken various measures, researchers have published research papers that 'most of them are meaningless.'

A First Look at Zoom bombing
(PDF file) https://arxiv.org/pdf/2009.03822.pdf

Zoombombing countermeasures are ineffective in the vast majority of cases | Ars Technica
https://arstechnica.com/information-technology/2021/02/zoombombing-countermeasures-are-ineffective-in-the-vast-majority-of-cases/

As a countermeasure against vandalism, Zoom has taken measures such as setting a password for the conference and setting a function called 'waiting room' that allows the host to manage the authority to participate in the conference. However, a PhD student at Boston University , Chen Lin and others, analyzed posts on Twitter and 4chan on the overseas bulletin board, and found that most of the people who bombed Zoom bypassed these measures.

Most of the people who bombed Zoom did not take any action such as requesting a password or hacking, but it was simply by insiders and students who had legal access to the meeting. The person who intends to bomb the Zoom will use the link shared in advance by the organizer of the conference, or will get the link from a friend etc. to participate in the conference, so the countermeasures will be meaningless. When a large number of users participate in the conference, it is difficult to examine each user individually in advance, so the effect of the waiting room is diminishing.

Researchers cite 'sharing individual links for each participant' as an effective remedy. Although it is inevitable that multiple people will join the meeting using the same link and bomb the Zoom, this will allow the host to pinpoint who provided the link to the outside world. However, as of February 2021, this function is available only on Zoom and Webex .

In August 2020, a pornographic video was played at an online hearing of a hacking incident, and online tool providers have also expressed concern about the Zoom bombing. 'We are very angry about this type of incident and are asking users to report the offender so that we can take appropriate action against the offender,' Zoom said in a statement.

'Zoom bombing' with a roaring sound of pornographic videos bursts at an online hearing of a large-scale hacking incident on Twitter

Researchers say 'this study is the first data-driven study of Zoom bombing.' Ars Technica, an overseas media outlet that reported this incident, concludes that such research will continue with the spread of online tools.