ZoomBombing and What You can Do to Make Your Zoom Meeting Safer

I was asked to talk about recent security concerns regarding the videoconferencing application Zoom and prepared the following. – John Brandt

Take a Deep Breath

The new term, ZoomBombing, was coined just a few weeks ago and the concern and social media rant about the security of the world’s most popular videoconferencing application has since, pardon the expression, gone viral.

My reaction to the news has been to slowly and carefully tell everyone who has asked to take a deep breath and try not to overreact.

Here’s what happened.

Someone reported on social media that during one of their Zoom Meetings someone “uninvited” came in and “took” over the room. Within minutes numerous other reports were made on other social media platforms, and within hours the term ZoomBombing was born. The term is an adaptation from the term PhotoBombing in which someone intentionally or unintentionally appears in one of your photographs. While that term appears to have its origins in the late 2000s, someone correctly stated in one description that photobombing has probably been around as long as photography.

Within days, concerns were raised by writers of technology news, as well as journalists that resulted in folks digging deeper. These sources soon found other “security issues” and on March 30th the FBI was making announcements and sending out warnings. Apparently, things were getting out of hand; emphasis “apparently.” Within a few more days editorials and articles with headlines like “‘Zoombombing’ Becomes a Dangerous Organized Effort” appeared in the New York Times.

Zoom Technologies Reacts

I’m reminded of the scene in the film, It’s a Wonderful Life, when there’s are run on the bank and one of the characters asks, “How does something like this happen…?” Jimmy Stewart’s character, George Bailey, gravely concerned that his fragile “Building and Loan” will teether as well, wisely replies, “How does anything like this ever happen…?”

How this security nightmare happened is not important. What is important is the response.

Let us remember that in early February 2020, Zoom was a widely popular videoconference platform deftly designed to allow businesses and organizations to communicate with their staff and employees in an open and easy-to-use desktop application. It was the digital/virtual equivalent of the office meeting room allowing folks at distance locations to “sit around the table” take turns discussing the topic, share slides and demonstrations on the office “whiteboard,” and even allow for side discussions and breakout rooms. The pricing was reasonable (including a free trial version) and Zoom had made sure it was accessible to people with disabilities including adding the capacity to offer live captioning by anyone in the room or by a professional CART transcriptionist. Thus, in the relatively short history of the company, Zoom had managed to beat out the competition and by December 2019 was serving up online meetings to approximately 10 million users.

Then, when Coronavirus COVID-19 hit America hard, and businesses, schools and organizations were forced to close their doors and move operations to kitchen tables and living room couches, this perfect virtual tool suddenly became the answer to everyone prayers.

And then things got interesting real fast.

According to Zoom Founder and CEO Eric Yuan, in March 2020, Zoom was serving up online meetings to 200 million participants each day including to over 90,000 schools in 20 countries. Within hours of the first reported ZoomBombing incident (on or about March 17th) there were tech articles published describing what had happened and telling folks what easy steps they could take to “secure” their Zoom meeting. The most obvious recommendation was to NOT publish the link to your Zoom meeting on social media. BTW, the first case of ZoomBombing appears to have happened to some people who were holding an online WFH Happy Hour which had been advertised widely on social media. But the buzz saw of social media probably facilitated hundreds of copycat bombings.

On March 20th Zoom published their first blog post to users addressing the issue and again instructing users how “protect” their meetings.

But the idea for ZoomBombing spread much faster than the advice on how to prevent it. Lots of false information was spread and hysteria followed.

Soon there were reports that whole institutions had shut down Zoom and at least one state’s IT department chose to block all traffic to Zoom on state-own devices.

This will all shake out and we will no doubt forget about it in a few weeks. But if you are going to be using Zoom, or ANY video conferencing platform to operate your business, teach/train or facilitate meetings, you need to do your homework and make sure you know how the system works and what you need to do to “stay safe, stay healthy.”

Here are five recommended actions:

  1. Learn how to check and change your account settings. Non-enterprise accounts were all recently locked down by Zoom to require passwords for all meetings and add a “waiting room” before participants can enter. If you have an enterprise account, you need to check with your IT folks. Note that some additional security features were recently added but you need to have the latest version of the Zoom client. Check to make sure you have the latest version.
  2. Use Passwords for all meetings/webinars. The need for the waiting room is probably overkill for most meeting but might be appropriate for webinars.
  3. Have a staff person who serves as a Producer. This is a person in the meeting whose only job is to make sure everything is working correctly and can address any problems that arise. Whoever schedules the meeting is automatically the Host of the meeting and only the Host can change the settings for the meeting room. Understand that many of these setting need to be made before the meeting starts. The Host can also assign someone else as the Alternative Host. Note that in Zoom Webinar, the Host has some special privileges that are needed to run the meeting. The Host can also control microphones and who can access the Share Screen functions.
  4. Avoid using Personal Meeting ID (PMI). This a special feature in Zoom where you can use the same meeting credentials for all your meetings. Zoom suggests using your office phone number as the meeting ID this way everyone attending knows what the login information will be. Don’t do this.
  5. Don’t have “open” meetings. As described, the first case of ZoomBombing was for an online office Happy Hour for employees working from home. The link to the Zoom Meeting was shared widely, it was literally an invitation for “party crashers.” Also don’t use the same Meeting ID and let Zoom chose a random number as the password.

Remember – Take a Deep Breath.

UPDATE: I learned of an additional security feature after I posted this article. There is a setting in both Zoom Meeting and Zoom Webinar that prevents any HTML code written into the Zoom Chat from being executed from the Chat. This “locking” feature blocks all code including malicious, executable code or links to “bad” websites. The posted links will still appear in the Chat (as text) and can be copied and pasted into your browser, but they cannot be executed from within Zoom. For the time being, it is probably wise to keep this security feature turned on and to discourage participants from posting links in the Chat. Any important links/resources can be provided to participants from another source such as a digital “handout” or from your website after they have been vetted.

For more information

How to Keep Uninvited Guests Out of Your Zoom Event

A Message to Our Users from Zoom CEO Eric Yuan 

 

rev: 4/10/2020

Relay Conference Captioning

The following information is provided by Debra Bare-Rogers, Advocate, from the Telecommunications Relay Services (TRS).

Attending virtual event, is a great opportunity to connect. For attendees with hearing loss, this can bring challenges. Free resources are available to make online meeting participation more accessible. In Maine, deaf and hard of hearing individuals can use Relay Conference Captioning.

What is Relay Conference Captioning?

RCC (also called Sprint Teleconference Captioning) offers live and high quality captioning for Deaf and Hard-of-Hearing individuals to participate in meetings (in-person or remote), phone calls, videoconferences and multi-party teleconference calls. There is no cost to use this service.

Please use this link to see a demonstration of how RCC works

How to use RCC

Schedule an RCC event at least 12 hours before the meeting time.

  1. Use this link to go to the Maine Relay Conference Captioning Event Request form. Complete the form and submit the form.
  2. You will receive an email from Relay Conference Captioning confirming your request along with a link to the captioning.
  3. At the start time of the event, (using a computer, laptop or smartphone) login by clicking on the link provided in the confirmation email. Captioning will appear in real time during the call.
  4. NOTE: During the event, if you have a question or comment you can use the text box in the bottom right corner and the captioner will speak into the call on your behalf.

If you have additional questions about RCC and other relay resources available in Maine. Debra is available via Zoom to provide 1:1 virtual appointments, staff presentations and webinars. Contact her to schedule a meeting.

Debra Bare-Rogers
drogers@drme.org 

Disability Rights Maine
1 Mackworth Island, Bldg. C
Falmouth, Maine 04105

Phone: 207-797-7656 x 113 (V/TTY)
Toll Free: 800-639-3884 (V/TTY)
Fax: 207-797-9791

TRS includes Maine Relay Services, captioned telephone services (CapTel or CTS), and 711.

Survey to collect data around learning from home

The following request/announcement comes from colleague and fellow Maine educator, Jim Moulton:

COVID-19 has dramatically altered school and learning around the world. In an effort to capture, reflect, and share the unique perspectives of students and parents as they experience learning from home in Spring 2020, two brief surveys have been created. Again – our intention is to capture, reflect, and share the unique perspectives of students and parents as they experience learning from home in Spring 2020.

The stories and experiences, collected anonymously through the surveys, will help to inform and improve current and future learning-from-home strategies. Furthermore, it is our hope that students and parents may appreciate having a place and opportunity to anonymously reflect and share their experiences during this unprecedented time.

Please share broadly with learners and families involved in learning from home due to COVID-19.

Schools and districts are encouraged to use these reflective surveys system-wide, but should contact us for best options for capturing and using the data with their local community.

If you have questions about the surveys or would like to reach out to discuss, please use the following contact information:

Jim Moulton – jim@jimmoulton.org

Jim Moulton is a former elementary educator who has been working in the field of educational technology since the mid-1990s. He has worked with educators around the world, contributed to Edutopia’s Spiral Notebook blog, and spent a decade as part of Apple’s Education Team.

Dr. Damian Bebell – bebell@bc.edu

Dr. Bebell is an educational researcher at Boston Colleges’s Lynch School of Education and Human Development. An example of his research can be seen at Drawing On Math and a current article Beyond Academics: Success and the Purpose of School.

Maine AgrAbility video highlights students’ learning on the farm

Buxton, Maine — Over the past year, Maine AgrAbility and partner Alpha One integrated agriculture into the curriculum of a peer mentoring program at Massabesic High School in York county. The program, funded by the Maine Department of Labor Division of Vocational Rehabilitation and supplemented with hands-on opportunities, culminated with summer work experiences on a local farm.

Sally Farrell, owner of Rummler Run farm in Buxton and former University of Maine Cooperative Extension 4-H professional in York County, agreed to introduce three of the students to daily life on her farm in summer 2019. The stories and experiences of those three students — practicing problem-solving, handling small livestock, helping ensure biosecurity practices — are told in the video “On the Farm.”

Maine AgrAbility, a collaborative project of UMaine Extension and Alpha One, is dedicated to helping farmers, fishermen and forest workers work safely and more productively. For more information, contact Leilani Carlson at 207.944.1533; leilani.carlson@maine.edu.

More information also is available on the UMaine Extension AgrAbility website.

About University of Maine Cooperative Extension:

As a trusted resource for over 100 years, University of Maine Cooperative Extension has supported UMaine’s land and sea grant public education role by conducting community-driven, research-based programs in every Maine county. UMaine Extension helps support, sustain and grow the food-based economy. It is the only entity in our state that touches every aspect of the Maine Food System, where policy, research, production, processing, commerce, nutrition, and food security and safety are integral and interrelated. UMaine Extension also conducts the most successful out-of-school youth educational program in Maine through 4-H.

Survey on Wireless Device User Experiences for People with Disabilities

The Rehabilitation Engineering Research Center for Wireless Inclusive Technologies (Wireless RERC) announces the launch of its 2020 Survey of User Needs (SUN). The SUN is the Wireless RERC’s cornerstone survey on wireless technology use by people with disabilities. Over 8,000 consumers have completed it with disabilities since it was first launched in 2001.

This latest version has been updated in response to changes in technology. In addition to questions about cell phone and tablet use, this latest version of the SUN collects information about wearables, “smart” home technologies, and other next-generation wirelessly connected devices. User responses will help designers and engineers make new wireless devices and services for people with disabilities. Data from the SUN also provides important information to the wireless industry, government regulators, and other researchers to help them make wireless technology more accessible and more useful to people with all types of disabilities.

If you have a disability, please consider taking this survey. If you know someone who has a disability, please forward the survey to them. Thank you!

Select this link to take the 2020 Survey of User Needs

 

Voice-Assisted Coronavirus COVID-19 Screening

The following comes from Cool Blind Tech:

iPadApple also partnered with CDC on app and website for coronavirus triage

With voice-assisted tools released by Amazon and Apple, you can answer a few questions to figure out if you need further medical assistance for COVID-19.

Simply say, “Hey, Siri” for iPhones or “Alexa” for Amazon devices, and ask if you have the coronavirus.

These technologies are no replacement for professional medical advice, but they can help you figure out first steps at home when the health care system is overwhelmed with long wait times.

Amazon Echo

Amazon announced Thursday that it launched a screening tool for the United States that will talk you through some symptom-checkers.

“Ask, ‘Alexa, what do I do if I think I have COVID-19?” or “Alexa, what do I do if I think I have coronavirus?” and Alexa will ask a series of questions about your travel history, symptoms, and possible exposure. Based on your responses, Alexa will provide CDC guidance given your risk level and symptoms,” Amazon said in a statement.

Read the complete article on Cool Blind Tech

Read the news release from Apple

Read news release from Amazon

 

Google Teach From Home

Google logoIn response to the rapidly changing educational landscape, Google has created a new resource for teachers Teach from Home. The new web resource is available in eleven languages and provides teachers with answers to many questions and links to make additional resources found on their Google in Education service. There is a complete section on accessibility that describes how to turn on and use access features in Chrome and on Chromebooks.

The Teach From Home resource is also available to download (in PDF) for teachers who have limited access to the internet.

Google has also created a complementary resources, Learn @ Home a guide for parents and guardians.  Google partnered with learning creators to bring parents and families meaningful resources and activities. These resources are not meant to replace homework assigned by teachers, but meant to complement that work.

Use this link to visit Teach From Home

 

Hotspot Donations and Wireless for Educators

ACTEM and all ISTE affiliates have been asked to pass along the following information from Digital Wish…

Hotspot Donations and $10/Month Wireless for Educators

With nationwide school closures due to COVID-19, nonprofits Mobile Beacon and Digital Wish have a major hotspot donation program available that can significantly increase remote connectivity for students and teachers. Visit digitalwish.org and get up to 11 donated hotspots per school. Discounted $10/month unlimited 4G LTE internet service is provided so that teachers and students can connect and learn from anywhere in the Mobile Beacon coverage area. With a lending pool of hotspots, students-in-need can access the internet to embark on a distance learning journey during isolation.

Each hotspot has unlimited, high-speed 4G LTE mobile broadband service, and can connect up to 10 people on the internet on only one plan.

This donation program is open to all public, private, and non-profit K-12 schools and universities. For higher-need schools that exceed the cap of 11 hotspots per school, behind the scenes Digital Wish is purchasing modems that will qualify for the subsidized $10/month broadband service. If you need more, please contact: Heather Chirtea 802-379-3000, heather@digitalwish.org.

Mobile Beacon is a 501(c)(3) nonprofit and the second-largest Educational Broadband Service (EBS) provider in the United States. The nonprofit has been given an EBS spectrum license by the FCC, specifically to support broadband use in schools. Nonprofit Digital Wish teamed up to make the 4G LTE hotspot device donation program available to schools throughout the United States. If your schools have connectivity issues, this subsidized service will allow you to fill the gaps with wireless hotspot donations and equitably connect all students. Schools can easily create a Hotspot Lending Pool for students needing internet access at home.

Use this link to learn how to set up a lending pool...

Please share this announcement with your colleagues who are struggling to acquire access for remote students.

 

Supporting Students with IEPs During eLearning Days

With schools across the country forced into the situation of closing and providing services to students via distance education, this webinar focused on the specific educational and technical needs of students with IEPs. Particular emphasis was paid to supporting students who use Assistive Technologies (AT) and Accessible Educational Materials (AEM) and the importance of ensuring distance learning systems work effectively with these. Resources and offers for technical assistance were described.

Due to high demand and a tremendous turn out, the live session on March 23rd was not available to most who registered for the event.

The recording from edWeb is now available to view at this link

Supporting Students with IEPs During eLearning Days was presented by Christine Fox, Deputy Executive Director, SETDA; Cynthia Curry, Director, National Center on Accessible Educational Materials and the Center on Inclusive Technology & Education Systems (CITES) at CAST; and Luis Perez, Technical Assistance Specialist, National Center on Accessible Educational Materials at CAST –

“Study from Car” Initiative Starts in Maine

Network Maine logoNetworkmaine is a unit of the University of Maine System providing Maine’s Research & Education (R&E) community with access to high-bandwidth, low-latency connectivity and complimentary services that enhance their ability to successfully deliver on their missions. Founded in 2009 Networkmaine provides K-12 schools and public libraries in the state with Internet connectivity at little or no cost through the Maine School Library Network – MSLN project.

The following announcement comes from Networkmaine:

Study-From-Car Initiative

With the closure of public schools and the subsequent transition to remote learning, many schools have identified a lack of adequate Internet access in the homes of some of their students, limiting the ability of those students to participate in online learning opportunities.

Networkmaine has offered assistance to the roughly 140 local schools that have their WiFi networks provided through the Maine Learning Technology Initiative (MLTI) in creating an additional “guest” WiFi network.  This additional WiFi network will be completely segregated from any existing network(s) at the school.  The hope is that the MLTI wireless service currently bleeds out of the building to the extent that someone could park in the parking lot and obtain service, allowing them to participate in online learning while maintaining the social distancing that the school closures are intended to facilitate. We have already heard from schools that are re-positioning their WiFi access points near exterior wall and windows to help extend the outside coverage.

We have dubbed this effort Study-From-Car as a play on the phrase work-from-home that has become so prevalent in the media.

We encourage participating schools to use the hashtag #studyfromcar if they make any announcements on social media.

Use this link for more information – and to see an interactive map where Study from Car schools are located