Security vulnerabilities and exploitation of the Zoom conferencing platform (Zoombombing, Link exploits, etc) have been spotlighted in recent news. This write-up is to inform and clarify the position that the 鶹 holds with Zoom.
Backstory and Context
Due to the global increase of remote work, and distance education, the web conferencing platform, Zoom, has found its way into the spotlight. In March alone Zoom’s daily user base dramatically increased from 10 million users to 200 million users. Across the nation, many higher education and K12 systems adopted Zoom as the platform to transition from face-to-face classes to online instruction in a very compressed time frame. It is Zoom’s intuitive interface and ability to scale the cloud infrastructure to meet the rapid growth that provides a very inviting and accommodating online environment.
The 鶹 chose and adopted Zoom after an extensive and inclusive RFP process across the UA system in 2018. The Zoom implementation replaced the aging video conferencing infrastructure and provides projected savings of ~$100K in FY20 over FY19 costs.
Unfortunately, the ease of use and rapid rise in popularity of Zoom presents opportunities to maliciously exploit the very same features; like screen sharing, standing meeting ID’s, screen sharing, that enables its ubiquitous popularity; like screen sharing and standing meeting URLs that are reused as a convenience practice. Zoombombing is the notorious exploit making recent headlines that takes advantage of these conveniences and enables malicious actors to intrude a Zoom session and post disruptive content through screen sharing. This type of invasion has caused several educational systems to abandon the platform altogether.
Actions UA has Taken To-Date
Configuration changes have been made to enhance the security of UA’s Zoom environment in an effort to block Zoombombing:
- UA Zoom has always been accessed via standard UA authentication protocols using UA Username and password.
- Global screen sharing default settings have been changed to “Host-Only”
- To ensure a good Zoom session experience, it is important to know how to use the meeting controls and employ best practices. NTS has developed and posted .
- Articles have been developed and circulated to UA News, UAF Cornerstone, Green and Gold, and UAS IT Help Desk.
Zoom Security Concerns and their response
Zoom has announced a plan to conduct an extensive external security review of the Zoom platform over the next 90 days.
Zoom has patched and addressed vulnerabilities to address the security concerns, the details are:
- )
UA Office of Information Technology will pay close attention to all Zoom technical announcements to ensure the best Zoom experience for UA. For the latest in Zoom information during COVID-19 response, visit the page on UA Virtual Campus.
Questions about Zoom?
As always, your local service desk is here to help!
Anchorage
Technical Support Center: (907)786-4646
Toll-Free: (877) 633-3888