Monday, November 9th, 2020

This year, the world faced a major shift in the perspective of the workplace. Due to COVID-19, many people across the globe transitioned to working remotely. Programs such as Zoom enable businesses to remain just as productive as before. Here at Cyber Protection Group, Zoom enables us to work remotely and efficiently. However, the increased demand for Zoom brings an increase in malicious attacks. For instance, “Zoom Bombing” and “Zoom Snooping” target many meetings.

 

What is Zoom Bombing and Snooping?

Zoom Bombing

You expect to focus on your job functions at a meeting. Additionally, you should only expect authorized colleagues or other personnel in the meeting. Now, what if an unknown user suddenly interrupts your meeting? This unknown user compromises the meeting and proceeds to force members to watch and listen to inappropriate media and profanities.

This exact scenario depicts Zoom Bombing. In a “Bombing” attack, an unauthorized user joins a meeting. Once joined, the attacker begins displaying inappropriate media or profanity to the meeting members.

These attackers and pranksters search social media sites, or even company websites, to find the meeting link. Once they find a joinable link, they can easily infiltrate your next meeting.

Zoom Snooping

Recently, a team of researchers at Texas introduced a new type of attack, Zoom Snooping.  According to the researchers, attackers use your body language and shoulder movements to record and predict your keystrokes and passwords.

Obviously, attending a meeting requires computer and keyboard access. Those researchers claim that by analyzing the upward, downward, or sideways movements of your shoulders, they can accurately determine what is typed.

 

Prevention and Protection

In 2020, Zoom gives attackers the capability to disturb millions of users. When hosting or attending a Zoom meeting, you expect to solely get your job done. You do not expect interruptions, or to have your passwords compromised, just by turning on your webcam.

To protect yourself from Zoom Bombing, keep the meeting link private and only give the link to those you expect to be in the meeting. When you host the meeting, create a password that each user must enter to join the meeting. This protects you from bombers if your private link accidentally gets leaked.

Meeting links cannot always be kept private. Again, if applicable, implement a meeting password. If not, enable the waiting room feature in your meeting. This lets the host see who wants to join and decide who is granted access to the meeting.
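
Because attackers find meeting links on social media and company websites, it helps to check your own published content for them. The script below is an added example, not part of the original post. It assumes the usual Zoom join-link shape (`zoom.us/j/<meeting ID>`, with an optional `pwd` parameter when the passcode is embedded in the link); the function name and the sample page are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Zoom join links have the shape https://[subdomain.]zoom.us/j/<9-11 digit ID>,
# optionally followed by ?pwd=<token> when the passcode is embedded in the link.
JOIN_LINK = re.compile(
    r"https://(?:[\w-]+\.)?zoom\.us/j/\d{9,11}(?!\d)(?:\?[^\s\"'<>)]*)?"
)

# Constructed sample of published page content (IDs and token are made up).
SAMPLE_PAGE = """\
<p>Weekly all-hands: https://us02web.zoom.us/j/12345678901?pwd=QWxsSGFuZHM</p>
<p>Office hours: https://zoom.us/j/987654321.</p>
<p>Pricing info: https://zoom.us/pricing</p>
"""


def find_exposed_links(text):
    """Return one finding per Zoom join link that appears in `text`."""
    findings = []
    for match in JOIN_LINK.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop trailing sentence punctuation
        parsed = urlparse(url)
        findings.append({
            "line": text.count("\n", 0, match.start()) + 1,
            "meeting_id": parsed.path.rsplit("/", 1)[-1],
            # With an embedded passcode, the link alone gets past the password
            # prompt, so only the waiting room still stands in the way.
            "passcode_embedded": "pwd" in parse_qs(parsed.query),
        })
    return findings


if __name__ == "__main__":
    for f in find_exposed_links(SAMPLE_PAGE):
        advice = ("remove link or rely on waiting room" if f["passcode_embedded"]
                  else "confirm a passcode is set")
        print(f"line {f['line']}: meeting {f['meeting_id']} -> {advice}")
```

A link flagged with `passcode_embedded` deserves the most attention: if it leaks, the meeting password leaks with it.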

To protect yourself from Zoom Snooping, enable the blurring effect on your background. Those same researchers discovered that with it enabled, the accuracy of reading your shoulder movements decreases from 65% to 13%.

 

All in all, as Zoom and other remote working software increase in demand, so will the attacks against them. Next time you attend a meeting, follow the few listed tips. Be sure to enable meeting passwords and waiting rooms, and try to keep your meeting link as private as you can. While you are working, enable the background blurring feature to give yourself peace of mind that no one is spying on you to steal all your precious passwords.