"'Zoombombing' Research Shows Legitimate Meeting Attendees Cause Most Attacks"
The rapid transition to remote working, learning, and more, due to the COVID-19 virus spread, has sparked an increase in the use of the videoconferencing app Zoom. However, the migration has led to multiple incidents of "Zoombombing" in which uninvited attendees break into active online meetings to share inappropriate content and cause disorder. Google Meet, Skype, and other similar apps also faced similar issues. Such incidents have raised concern among cybersecurity experts over these apps' ability to protect against hackers. According to a new study by researchers at Binghamton University and Boston University, most Zoombombing incidents are inside jobs. Assistant Professor Jeremy Blackburn and Ph.D. student Utkucan Balcı from the Department of Computer Science at Binghamton's Thomas J. Watson College of Engineering and Applied Science collaborated with Boston University Assistant Professor Gianluca Stringhini and Ph.D. student Chen Ling to analyze over 200 Zoom calls made in the first seven months of 2020. They found that the majority of Zoombombings are not the result of attackers coming across meeting invitations or the performance of brute-force attacks, but rather insiders who have legitimate access to these Zoom meetings, such as high school and college students. The researchers found that authorized users have shared links, passwords, and other information on sites like Twitter and 4chan, along with a request to disrupt meetings. This article continues to discuss the growing occurrence of Zoombombing incidents during the COVID-19 pandemic, insiders being the primary perpetrators behind these incidents, and how insider threats make common protections against Zoombombing ineffective.