After getting hit by Zoom bombings ranging from disruptive to disturbing, Penn State is tightening the security defaults on the platform.
“There’s whole groups of people going around, and they’re literally searching for Zoom links so they can come in later and bomb them. There’s whole chatrooms dedicated to bombing Zoom meetings, believe it or not," said Richard Sparrow, acting chief information security officer at Penn State.
Sparrow said the university has been using Zoom for years. But, like other institutions, when Penn State moved to remote learning in March, use of Zoom went up and so did the problems.
To address that, the university has switched security defaults. For example, Sparrow said, the host now controls screensharing, and people joining a meeting go to a waiting room first.
“We’re just moving to where people start from a secure position when they create a meeting," he said. "They can still open it up and make it very collaborative, and frankly they could even invite trouble with Zoom-bombing if they’re not careful. But we are starting from a position where they are much more secure.”
Sparrow said Penn State Police had received reports of about 30 incidents as of last week, including harassment and showing images that appear to be child pornography. Penn State Police and Public Safety are working with the FBI to investigate.
And Zoom is making upgrades to its encryption features. In an April message to Zoom users, the company noted that it went from a maximum of about 10 million daily meeting participants in December to about 200 million daily participants by March.
Users will need to download the new Zoom software to have the upgrades. Sparrow said with the changes in place, the key now is education and awareness of security settings.