Skip to main content
Security

Defusing Zoom Bombing for Microsoft Teams

By April 2, 2020July 25th, 2021No Comments

Defusing Zoom Bombing for Microsoft Teams

Zoom has been getting a lot of media attention in the recent month over security and privacy concerns. However, the vulnerabilities for the Windows desktop version of Zoom have been patched, and privacy concerns for the Zoom App on IOS are addressed. And then there is Zoom Bombing.

While the term Zoom Bombing has caught on and attached to the product Zoom, it can happen to any online video meeting, including Microsoft Teams.

Zoom Bombing, not like Photo Bombing

Photo Bombing, you think of funny online photos of someone in the background who pops their head into a photo and makes a funny face, while the people in the pictures are unaware. It’s considered amusing and lighthearted. This new phenomenon, Zoom Bombing, is not.

Zoom bombing is a new term coined by the public. It happens when uninvited guests are joining Zoom video meetings and do any of the following:

  •  Say obscene and lewd comments to the attendees
  • Share nude or suggestive content
  • Take over control of presentations

Portrait of a serious businessman with colleagues - photobomb

How are they doing this?

Zoom bombing is not necessarily a security vulnerability but a default setting of features set for ease of use. It could happen in most video chat platforms, including Microsoft Teams, if not careful.

There has never been such a need for remote work and video chat sessions as people navigate the new normal. But with this comes new challenges, and sadly, individuals are looking to disrupt where they can.

It’s not hacking with Zoom Bombing. They are performing some reconnaissance, same as with hacking, but these individuals are not hackers. They see opportunities with people who: 

  • Share Zoom meeting IDs on social media
  • Reuse meeting IDs shared for a public meeting
  • Take advantage of hosts leaving the default settings of Zoom 

What can you do to prevent this from happening in Microsoft Teams?

Here are some tips to protect yourself in Microsoft Teams meetings: 

  1. Don’t post screenshots of your session that would identity usernames, emails, meeting URLs or IDs
  2. Don’t reuse meeting IDs or meeting URLs that used for public meetings
  3. Ensure people are not able to join without being admitted 1st by the host
  4. Ensure guests are not able to request control or share content by default
  5. If you admit someone accidentally that you do not recognize, remove or mute them 

Don’t share meeting invites on social media.

Sharing meeting invites on social media is of the main ways people are Zoom Bombing. If you post your Zoom meeting ID or meeting URL to the world, it will get Zoom Bombed. Same as with Teams, make sure you are not sharing your meeting URL or ID on social media. Here is one instance of accidental sharing of a Zoom meeting by British Prime Minister Boris Johnson  https://twitter.com/BorisJohnson/status/1244985949534199808/photo/1 

Don’t reuse meeting IDs or meeting URLs that are used for public meetings.

When inviting people to a public meeting, ensure you are not reusing the same meeting URL or ID for private meetings. Malicious individuals search for public meeting URLs and IDs and store them for future use. Ensure you create new appointments for private sessions. 

Ensure people are not able to join without being admitted 1st by the host

In teams, you can do this per meeting.

When you create a new Teams meeting, before sending out the invite, click on the meeting options as shown below.

Teams Meeting Options - Managed IT Services Calgary Teknertia

Once the options appear, click Who can bypass the lobby? and select People in my organization 

Teams Meeting Option 1 - Managed IT Services Calgary Teknertia

Ensure guests are not able to request control or share content by default

Click on Who can present? And select anything but Everyone.  In our example, we selected Only me, which only allows the host to present. Once in the meeting, the host can easily grant anyone presenter rights. If you leave the default of Everyone, you allow anyone who joins the meeting to share content from their screen, which is one of the significant issues occurring with Zoom Bombing. 

Teams Meeting Option 2 - Managed IT Services Calgary Teknertia

If you admitted someone accidentally that you do not recognize, what can you do?

If someone joined your meeting and you accidentally admitted them, do any of the following: 

  • Mute the participant
  • Remove the participant

After your participants have joined, place your mouse in the middle of the meeting window, you will see the command bar appear: 

  1. Click on the participant icon as shown below
  2. Teams make presenter 1 - Managed IT Services Calgary Teknertia
  3. Now either click Mute participant or click Remove participant 

Teams mute guest 1 - Managed IT Services Calgary Teknertia

Additional settings

Allow attendees to present after they have joined.

By placing your mouse in the middle of the meeting window, you will see the command bar window appear: 

  1. Click on the participant icon as shown below
  2. Teams make presenter 1 - Managed IT Services Calgary Teknertia
  3. Next, click on the ellipses beside the participant’s name and select Make a presenter 

Teams make presenter 2 - Managed IT Services Calgary Teknertia

For Microsoft 365 Administrators – changing default settings.

When logged in as a Microsoft 365 Administrator: 

  1. Launch the Teams Admin center
  2. Next, under Meetings, click Meeting policies
  3. Teams Admin Meeting Options - Managed IT Services Calgary Teknertia
  4. Select the default policy to edit it
  5. Next, for the option Automatically admit people, select Everyone in your organization. This options will prevent guests from entering unannounced once the meeting has started.
  6. Click the radio button to Allow dial-in users to bypass the lobby and set it to Off

Teams Admin Meeting Options1 - Managed IT Services Calgary Teknertia

Keeping uninvited guests out of your Zoom event

While this blog post is titled “Defusing Zoom Bombing for Microsoft Teams,” I will not get into the details of how to do this in Zoom as there are many articles already created for this purpose. Here is an excellent post from Zoom itself: https://blog.zoom.us/wordpress/2020/03/20/keep-uninvited-guests-out-of-your-zoom-event/ 

Final thoughts

Currently, Zoom is in the spotlight for uninvited guests. Most video chat/conferencing services’ default settings are set to provide you with a meeting url or meeting ID. The participants need not enter any credentials or input any password to join a meeting already in progress. This is for better user experience and ease of use for participants. Think about that for a moment. Anyone can join with just a meeting ID or meeting URL; it’s not just Zoom; this can happen if we are not careful.

More care needs to happen than ever before, with new technology being learnt while working remote and any new technology in general. When using an online application where a URL is shared, and the participants are not required to log in, take precautions. Explore all the options the platform offers, taking into account what this article.

User education and proper measures can ensure your video conferencing will be as secure as possible. Be safe while working remotely.

Still not sure how to protect yourself from Zoom Bombing?

Reach out to us for a demo of Teams in action, we will be glad to assist you.

Leave a Reply