April 2, 2020

Defusing Zoom Bombing for Microsoft Teams

Zoom has been getting a lot of media attention in the past month over security and privacy concerns. However, the vulnerabilities in the Windows desktop version of Zoom have been patched and the privacy concerns with the Zoom app on iOS have been addressed. And then there is Zoom Bombing.

While the term Zoom Bombing has caught on and become attached to the Zoom product, it can happen to any online video meeting, including Microsoft Teams.

Zoom Bombing, not like Photo Bombing

When you hear Photo Bombing, you think of funny online photos in which someone in the background pops their head into the shot and makes a funny face while the people being photographed are unaware. It’s considered amusing and lighthearted. This new phenomenon, Zoom Bombing, is not.

Zoom Bombing is a new term coined by the public. It happens when uninvited guests join Zoom video meetings and do any of the following:

  • Make obscene and lewd comments to the attendees
  • Share nude and/or obscene content
  • Take over control of presentations

How are they doing this?

Zoom Bombing is not necessarily a security vulnerability; it is more a consequence of default feature settings chosen for ease of use. It could happen on most video chat platforms, including Microsoft Teams, if you are not careful.

There has never been such a need for remote work and video chat sessions as people navigate the new normal. But with this come new challenges and, sadly, individuals looking to disrupt where they can.

Zoom Bombing is not hacking. These individuals perform some reconnaissance, the same as with hacking, but they are not hackers. They see opportunities with people who:

  • Share Zoom meeting IDs on social media
  • Reuse meeting IDs that were shared for public meetings
  • Host meetings with the default settings of Zoom left in place

What can you do to prevent this from happening in Microsoft Teams?

Here are some tips to protect yourself in Microsoft Teams meetings:

  1. Don’t post screenshots of your meeting that would identify usernames, emails, meeting URLs or IDs
  2. Don’t reuse meeting IDs or meeting URLs that were used for public meetings
  3. Ensure people are not able to join without being admitted first by the host
  4. Ensure guests are not able to request control or share content by default
  5. If you admitted someone accidentally that you do not recognize, remove or mute them

Don’t share meeting invites on social media

This is one of the main ways people are Zoom Bombing. If you post your Zoom meeting ID or meeting URL to the world, it will get Zoom Bombed. The same goes for Teams: make sure you are not sharing your meeting URL or ID on social media. Here is one instance of accidental sharing of a Zoom meeting by British Prime Minister Boris Johnson: https://twitter.com/BorisJohnson/status/1244985949534199808/photo/1

Don’t reuse meeting IDs or meeting URLs that were used for public meetings

When inviting people to a public meeting, ensure you are not reusing the same meeting URL or ID that you use for private meetings. Malicious individuals search for public meeting URLs and IDs and store them for future use. Ensure you create new meetings for private sessions.

Ensure people are not able to join without being admitted first by the host

In Teams you can do this per meeting.

When you create a new Teams meeting, before sending out the invite, simply click on the meeting options as shown below.

Once the options appear, click Who can bypass the lobby? and select People in my organization.

Ensure guests are not able to request control or share content by default

Click on Who can present? and select anything but Everyone. In our example we selected Only me, which only allows the host to present. Once in the meeting, the host can easily grant anyone presenter rights. If you leave the default of Everyone, you allow anyone who joins the meeting to share content from their screen, which is one of the major issues occurring with Zoom Bombing.

If you admitted someone accidentally that you do not recognize, what can you do?

If someone joined your meeting and you accidentally admitted them, do any of the following:

  • Mute the participant
  • Remove the participant

After your participants have joined, place your mouse in the middle of the meeting window and you will see the command bar appear:

  1. Click on the participant icon as shown below
  2. Now either click Mute participant or click Remove participant

Additional settings

Allow attendees to present after they have joined

By placing your mouse in the middle of the meeting window, you will see the command bar window appear:

  1. Click on the participant icon as shown below
  2. Next, click on the ellipsis beside the participant’s name and select Make a presenter

For Microsoft 365 Administrators – changing default settings

When logged in as a Microsoft 365 Administrator:

  1. Launch the Teams Admin center
  2. Next, under Meetings, click Meeting policies
  3. Select the default policy to edit it
  4. Next for the option Automatically admit people, select Everyone in your organization. This will prevent guests from entering unannounced once the meeting has started.
  5. Click the radio button for Allow dial-in users to bypass the lobby and set it to Off
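
The same two defaults can also be checked and set from PowerShell. This is an added example, not part of the original post; it assumes the MicrosoftTeams PowerShell module is installed and that you sign in with a Teams administrator account. It reports on every meeting policy, because users who are assigned a custom policy are governed by that policy rather than by the default (Global) one.

```powershell
# Added example: audit Teams meeting policies for open-lobby settings,
# then apply the values from steps 4 and 5 to the org-wide default policy.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null   # interactive sign-in as a Teams administrator

# Desired values, matching the Teams Admin center steps above.
$desired = @{
    AutoAdmittedUsers           = 'EveryoneInCompany'  # "Everyone in your organization"
    AllowPSTNUsersToBypassLobby = $false               # dial-in users wait in the lobby
}

# Report every policy, not only Global: a custom policy assigned to a user
# takes precedence over the org-wide default.
$report = Get-CsTeamsMeetingPolicy | ForEach-Object {
    [pscustomobject]@{
        Policy            = $_.Identity
        AutoAdmittedUsers = $_.AutoAdmittedUsers
        DialInBypassLobby = [bool]$_.AllowPSTNUsersToBypassLobby
        # Flag policies where anyone, or any dial-in caller, skips the lobby.
        NeedsReview       = ($_.AutoAdmittedUsers -eq 'Everyone') -or
                            [bool]$_.AllowPSTNUsersToBypassLobby
    }
}
$report | Sort-Object NeedsReview -Descending | Format-Table -AutoSize

# Apply the desired values to the org-wide default policy.
Set-CsTeamsMeetingPolicy -Identity Global @desired

# Read the policy back to confirm the change took effect.
Get-CsTeamsMeetingPolicy -Identity Global |
    Select-Object Identity, AutoAdmittedUsers, AllowPSTNUsersToBypassLobby
```

Any policy the report flags under NeedsReview other than Global has to be changed separately for the users assigned to it.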

Keeping uninvited guests out of your Zoom event

This blog post is titled “Defusing Zoom Bombing for Microsoft Teams”, so I will not get into the details of how to do this in Zoom, as there are many articles already created for this purpose. Here is a great post from Zoom itself: https://blog.zoom.us/wordpress/2020/03/20/keep-uninvited-guests-out-of-your-zoom-event/

Final thoughts

Currently Zoom is in the spotlight for uninvited guests. Most video chat/conferencing services’ default settings are set to provide you with a meeting URL or meeting ID, where the participants need not enter any type of credentials or input any password to join a meeting already in progress. This is for better user experience and ease of use for participants. Think about that for a moment. Anyone can join with just a meeting ID or meeting URL. It’s not just Zoom this can happen to, if we are not careful.

More care needs to be taken than ever before with new technology being learnt while working remotely, and with any new technology in general. When using any online application where a URL is shared and the participants are not required to log in, take precautions. Explore all the options the platform offers, taking into account what was said in this article.

User education and proper measures can ensure your video conferencing will be as secure as possible. Be safe while working remotely.

If you are still not sure, reach out to us via our contact us page and we will be glad to assist you, or contact any of the amazing IT firms in Calgary.

About Robby Garon
