The use of video calls has grown a lot in the middle of the quarantine, being Zoom and Jitsi Meet two of the most popular platforms. Unfortunately, a security flaw makes it easy for strangers to join video calls, and even display annoying content to attendees.
We have already thoroughly introduced both Zoom and Jitsi Meet, originally designed for holding virtual meetings in companies, and whose creators they did not have the huge number of users who currently use them when teleworking, teaching online or simply chatting with friends and family.
We now know that Jitsi Meet suffers from the same privacy issue as Zoom, allowing strangers to join private video calls. This is not a technical security issue, more a design issue, exacerbated by the huge number of current users.
Access to video calls is done through a link, either generated automatically or chosen by users. Initially, anyone with that link can access, although this was not a common occurrence in the past.
However, the large number of video calls on Zoom and Jitsi Meet has caused some users to type in a random meeting link, and the chances of them being right have multiplied.
It is called "Zoom bombing", which is now also "Jitsi bombing": a stranger connects to ruin the conference (or simply to spy on), in some cases even showing adult content.
In reality, these incidents are preventable, but with so many people learning how to use video calling tools, in too many cases attackers are successful.
The simplest and most reliable way is protect the meeting with a password, which we will provide privately to users, together with the link. And it is that finding the addresses assigned by Zoom or Jitsi can be easy, but finding out the chosen password would be much more effort.
On the other hand, if we create long and random links, it is also more difficult for strangers to slip through.
To give an example, by using an address like meet.jit.si/12345 we would make it easy for a potential attacker, because "12345" is a common sequence and easy to imagine.
The "bombing" of Zoom and Jitsi is annoying in a personal or professional conference, but it can be considerably more uncomfortable if a class is in progress, with children or teenagers present.
We have already explained how to teach online, since many educational centers and teachers are not used to the tools, let alone these small security details.
Although both programs give options such as mute the audio and video of the participants, or expel them, in general the use of a password is the best solution, which prevents access to outsiders.
In fact, we have also explained how to prevent strangers from joining Houseparty, as the video calling app with built-in games suffers from the same bug. Of course, it is important to take care of privacy in video call apps, to avoid unpleasant situations.
Have you had any unexpected events on Jitsi Meet or Zoom? Have strangers joined the conversation without permission?