Why Trolls Keep ‘Zoom-bombing’ Your Kid’s Lessons – and How to Stop It

רן בר זיק - צרובה
Ran Bar-Zik
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
A Zoom drawing class.
An illustrative photo of a Zoom drawing class in Australia, April 2020.Credit: Loren Elliott/Reuters
רן בר זיק - צרובה
Ran Bar-Zik

Zoom is perhaps the biggest technology star of the coronavirus pandemic. But along with its massive success, the videoconferencing service has also seen its fair share of bad press, mostly due to security concerns. And one problem has been so prominent that there is even a special term for it: Zoom-bombing.

Zoom-bombing, in which an unwanted guest joins a video call for purposes of disruption and harassment, has been weaponized by online trolls and hackers of all kinds. Their victims range from participants in online classes to political events and even Holocaust commemorations.

For its part, Zoom has made massive efforts to revamp its defenses, substantially improving its encryption of calls, for example. But Zoom-bombing persists, amid reports, for example, that young children’s video classes are still being frequently targeted with pornographic material.

Haaretz podcast: Did the Iran assassination blast a hole in the Biden-Netanyahu relationship?

-- : --

Amid the pandemic, remote learning is not going away anytime soon, and cybersecurity researchers recently managed to crack the problem. They discovered that the flaw that leaves Zoom-based classrooms so exposed has nothing to do with Zoom itself or its security defenses.

Sahar Avitan, a senior researcher at the Israeli-based cybersecurity firm Security Joes, discovered that the secret weapon used by hackers is one that you yourself probably used today. It’s Google. What Avitan found is remarkably simple: Hackers are searching for Google Docs documents containing the links and passwords to your children’s videoconference classes.

Another cybersecurity researcher, Maor Dayan, managed to find scores of documents created by Israeli educators with lists of all their students’ names and, of course, links to their respective Zoom lessons – with their passwords conveniently noted alongside.

Google Docs has emerged as the simple online alternative to Microsoft Word and has become the preeminent online word-processing platform. But one downside of Google Docs is that if you don’t lock your document with a password, by creating a sharable link and not only sharing it with specific email addresses for example, its content can easily be found online.

It’s Google, in fact, that makes it so easy to search public documents on Google Docs.

When educators and parents share online documents that include Zoom initiation links, they usually do so with the password already embedded into the actual invitation link’s URL. It has to do with the way Zoom invitation links are structured. But then, even someone who doesn’t know how to read Hebrew could easily Zoom-bomb an Israeli classroom.

Take this link, for example: https://us04web.zoom.us/j/XXXXXX?pwd=YYYYYY

You don’t need to be a cybersecurity sleuth to guess that what comes after the letters “pwd” is the password.

So how are Zoom bombers finding these links? It’s done with the help of “inurl”, a special search parameter that allows you to pinpoint your search to one specific website. In this case, hackers focus their search solely on the Google Docs address and look for terms such as “password” or “lessons”.

Email addresses are no different and searches for any of these terms in Hebrew have yielded hundreds of Google Docs containing Zoom links and passwords to schools in Israel. English searches revealed similar results.

So the solution to some Zoom-bombing, it seems, is not something that Zoom can address, but that we can.

Click the alert icon to follow topics: