Skip to content
Naked Security Naked Security

Trolls ZoomBomb work-from-home videocall with filth

Trolls have been joining videoconferencing calls to expose meeting participants to disturbing videos.
Written by
March 20, 2020
Naked Security #WFHappyHour bluejacking Casey Newton coronavirus COVID-19 remote working screensharing trolls videocalling videoconferencing WFH Happy Hour work from home Zoom ZoomBombing

With so much of the world self-isolating, physically distancing themselves from others and remotely working from home, people are flocking to remote-work apps such as Microsoft, Slack and Zoom – anything that can make them feel connected by teleconference or videoconference.
Well, hang on to your hats, hosts: before you set up meetings, you need to know how to block the trolls. Specifically, if you’re using the Zoom videoconferencing app to connect people, you need to configure meetings so your participants don’t wind up connecting to the closest receptacle as their guts suddenly start to churn.
I’m talking about ZoomBombing: a new form of trolling in which asshats use Zoom’s screensharing feature to scorch other viewers’ eyeballs with the most revolting videos they can find, be they violent, pornographic, or a mixture of multiple revolting ingredients into a bile-rising cocktail.
As TechCrunch reports, on Tuesday, WFH Happy Hour – a popular daily public Zoom call hosted by The Verge reporter Casey Newton and investor Hunter Walk – got ZoomBombed. Dozens of attendees were suddenly exposed to disturbing imagery when a troll entered the call and screenshared a brain-scorching fetish video along with other “horrifying” sexual videos, Josh Constine reports.


Attendees of the WFH Happy Hour videoconference found it futile to block the barrage. The perpetrator simply re-entered the call under a new name and kept up the screensharing of nastiness. Since they couldn’t stop the assaults, the hosts simply ended the call.

It doesn’t have to be this way

Unfortunately, it’s Zoom policy that enables the infliction of this abhorrent content. To wit:

The host does not need to grant screen share access for another participant to share their screen.
By default, any participant in a meeting can share their video, screen, and audio.

“By default?” To avoid this kind of horror show, the setting should really be “screensharing only with moderator permission.” Be that as it may, hosts can disable the option in settings, pre-meeting, by changing screensharing to “Host Only.” Otherwise, during the meeting, hosts can turn on that setting as soon as they see that the screensharing feature is being abused.
Here’s where you can check out Zoom’s instructions on managing participants in a meeting.
As well, Tech Crunch passed along these tips from entrepreneur Alex Miller on other ways to protect your Zoom calls:

  • Disable “Join Before Host” so people can’t cause trouble before you arrive.
  • Enabling “Co-Host” so you can assign others to help moderate.
  • Disable “File Transfer” so there’s no digital virus sharing.
  • Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in.

Don’t be like The Verge’s Newton, who found himself apologizing to his parents, who were on the #WFHappyHour call on Tuesday for the first time. He told Tech Crunch that he didn’t capture screenshots of the attack since he was too busy screaming. Constine quoted him sometime after his heart rate returned to normal:

Today we all learned an important lesson about disabling screen sharing and saw once again the importance of good content moderation.

Haven’t we learned this lesson before?

Yes, we kind of have: ZoomBombing is the latest iteration of an ancient fad known as bluejacking that first popped up in 2003. It allowed pranksters to exploit mobile phones’ Bluetooth technology, which lets devices communicate with each other up to a range of about 30 feet. When Bluetooth is activated, it automatically seeks out other Bluetooth devices in the vicinity, and that lets people send anonymous messages to each other.
Or, say, pictures of their junk. In 2017, one woman was subjected to 120 down-the-pants selfies via iPhone AirDrop while riding public transport.
Now’s as good a time as any to remind everybody that inflicting depictions of wobbly flesh on others is a crime. In England, sending indecent images is classified under section 66 of the Sexual Offences Act (2003), given that it’s the same as exposing genitals and intending that the recipient “see them and be caused alarm or distress”. At least back in 2017, the penalty for breaking the law was a prison term of up to two years.

Latest Naked Security podcast

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.

Read Similar Articles

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!