Laptop with video conference on a table with a green mug
May 5, 2020

Safeguarding against ‘Zoom bombing’

XCITE director Richard Edwards explains UCR’s response to the phenomena and offers guidance on how to tighten Zoom security

Author: Jessica Weber
May 5, 2020

“It was disgusting and a show of poor humanity,” said Chelsea Ramirez, a fourth-year student at UC Riverside, recalling her experience of “Zoom bombing” early in the spring quarter. “It was horrible, and after a while, as much as I wanted to learn, I left the meetings.”

Zoom bombing involves the intrusion into a Zoom session by uninvited guests looking to disrupt the video call, often by using offensive or inappropriate language or displaying inappropriate content.

As millions of new users flocked to the platform amid stay-at-home orders due to COVID-19, Zoom bombing became a widespread issue as the platform’s security flaws were exploited, with many universities and businesses falling victim to the practice.

In Ramirez’s case, Zoom bombers had taken over a seminar in a political science course she was enrolled in. She said someone hacked the teaching assistant’s screen and began showing pornographic imagery while other intruders flashed “MAGA” videos, yelled racist and derogatory remarks, and played audio of President Trump.

“We tried to help our TA fix the issue, but she did not have a clear understanding of what to do,” she said. “Once images escalated and things got way too gross, I left. It was distracting and ultimately dissuaded me from further attending the seminars.”

In response, UCR’s continuity of teaching task force — a collaboration between the Exploration Center for Innovative Teaching & Engagement, or XCITE; Information Technology Solutions, or ITS; and UCR Library — have offered solutions to help stop the practice. 

Richard Edwards, director of XCITE, said the task force received multiple reports early in the quarter from instructors who had experienced Zoom bombing. Since then, many steps have been taken by both Zoom and UCR to help mitigate these events.

“We are getting a lot less reports of incidents because Zoom itself has a new software patch out, so our official recommendation is when Zoom asks you to update your software, please do,” Edwards said.

While Zoom works to tighten security, Edwards noted individual users can also take steps to make their Zoom sessions less vulnerable to hackers. 

The task force, formed to help guide UCR’s transition to remote learning and co-led by Edwards, has issued guidance on the Keep Teaching website, an informational hub for instructors during the campus shutdown. 

These recommendations include password-protecting Zoom sessions, utilizing the waiting room function to prevent uninvited guests from entering meetings, and restricting screen-sharing abilities to the host or designated participants. Faculty and staff can find all the recommendations on the website in a new section detailing ways to safeguard Zoom meetings as well as a one-page downloadable guide outlining the settings hosts can adjust to improve security.

“Ever since we put out those official settings that maximize the security potential of the software, we’ve heard about very few incidences,” Edwards said.

In some cases, however, disruptions during Zoom sessions can originate internally, as was the case for second-year UCR student Saray Aguilar, who said students in the first lecture of a math course she’s taking decided to repeatedly interrupt the instructor, play inappropriate videos, and flood the group chat with profanity.

“It’s frustrating when you actually want to learn and pay attention to a lecture, especially in a subject that I personally struggle in, and someone is being annoyingly disruptive,” she said. 

Edwards said instructors can curtail disruptions during Zoom meetings by muting participants’ audio either all at once or individually. Hosts can also disable participants videos if they are displaying anything inappropriate, or remove them from a call entirely and prevent them from reentering. Guidance for managing disruptions in real-time are also included on the Keep Teaching website.

“I think there was a learning curve here,” he said. “While the university has used Zoom in the past, we had no idea that individuals across the world were going to try to interrupt our Zoom calls, so we acted very quickly. We really think faculty are much happier with how Zoom is working now.”

Edwards also said instructors can use another platform, MediaSite, if they are uncomfortable with Zoom and only need the ability to record their lectures, as MediaSite does not allow for student interaction. He said faculty members wishing to use MediaSite should submit a helpdesk ticket and their request will be routed to ITS. A list of other recording alternatives is also available on the Keep Teaching website, and Edwards said the continuity of teaching task force is actively looking into further solutions.

“If faculty have suggestions on what would improve any of the gaps they are feeling right now in terms of their instructional ability, they can reach out to the continuity of teaching task force either through their chairs or their deans, and we are always happy to be problem solving and to look for better systems to help our faculty and students,” he said.

Aguilar and Ramirez said they have not experienced additional instances of Zoom bombing, and they encourage the UCR community to be patient as faculty, staff, and students continue to adjust to remote learning. 

“We are trying to be empathetic with each other, knowing that people are being challenged in their own ways, day by day, during this pandemic,” Ramirez said. “As students are still showing up to the Zoom classes and professors are still teaching, we work to find a middle ground to continue to do the work needed, pursue our education, and come out of this quarantine the best we can on both sides.”

Media Contacts

RSS Feeds