Video-conferencing software Zoom has grown in use over the past several weeks due to Ohio State’s transition to virtual learning amid the COVID-19 outbreak, and with it has come some uninvited guests.
Zoom was found to be the most effective virtual-learning platform for Ohio State’s size and operations, and though the number of university meetings rose to an average of more than 8,000 per day, an increase in security problems has not followed despite news reports of people hacking into Zoom in other settings, Liv Gjestvang, associate vice president of learning technologies in the Office of Distant Education and eLearning, said.
According to the Office of the Chief Information Officer, about 45,000 Ohio State Zoom sessions are taking place each week, and of the 200,000 that have taken place so far, less than 10 instances of “Zoom bombing” — disruptions during class from people outside the university — have been reported.
However, some students said they have experienced obscene images, yelling and chat spam during Ohio State’s online classes.
Gjestvang said Ohio State’s problem with Zoom has mainly been these reported disruptions.
“There have been a very small number of incidences reported, but these are instances that we are taking very seriously because those disruptions are not ones we want anyone in our community to be exposed to,” Gjestvang said.
Travis Ritter, director of learning systems and infrastructure at Ohio State, said in an email that the incidents are not so much hacking as they are “bad actors” finding links to unsecured meetings.
The university had 30,000 Zoom meetings the first week of April, Gjestvang said. At the beginning of the spring semester, the university averaged 2,000 per week, and there were a total of 18,000 Zoom meetings during fall semester.
Helen Patton, chief informant security officer in ODEE, said the number of Ohio State students, faculty and staff using Zoom is so large now that the proportion of potential threats on Zoom is comparatively very small.
Patton said Ohio State will not disclose university-specific incidents, as it is a “security and privacy issue.” ODEE is working closely with the Office of Institutional Equity, and Gjestvang said they’re actively pursuing all cases of harassment and discrimination.
Michelle Fischer, a third-year in industrial and systems engineering, said she experienced an incident of hacking during one of her classes about two weeks ago.
She said a man accessed her Zoom classroom, and he and about 30 others started playing loud music and spamming the chat room. She said they set their virtual backgrounds to “inappropriate and vulgar” images.
“My professor talked to the university, and they said to add a password to the class, and then it didn’t happen again,” Fischer said.
Lena Harper, a third-year in industrial and systems engineering, had a similar Zoom hacking experience.
Harper said that during her class about two weeks ago, someone started blaring explicit music and yelling at her teaching assistant. Harper said she thought someone fell asleep on their keyboard because the chat function in Zoom was blowing up with jargon and random letters.
“I think someone in the class said, ‘We are being attacked,’” Harper said.
Harper said her professor realized what was happening and removed the hacker from the class. Harper’s professor then added an authentication step to get into the class, and there hasn’t been another incident since, she said.
Other universities have reported their own issues with Zoom bombing. A University of Iowa class was discussing the Holocaust and genocide on Zoom when it was hacked by three unknown individuals who displayed racist and anti-Semitic images as their video backgrounds, the Daily Iowan reported.
At Arizona State University, a professor had his first online Introduction to Storytelling class disrupted by a user displaying a pornographic video as their background, causing the professor to end class early, according to Inside Higher Ed.
Patton said all new technology undergoes a risk evaluation before it is implemented at Ohio State, and Zoom was found to be worth the small risk it posed.
Though the risks are small, they do still exist, Gjestvang said.
“We continue to monitor it and we continue to adjust because nothing is set in stone all the time,” Patton said.
Gjestvang said to protect privacy on Zoom, students should not post Zoom links in public places such as Twitter or Facebook, and it’s helpful if professors require a password to get into the Zoom sessions, as well.
“We are very committed to the security and safety of our Ohio State community,” Gjestvang said. “I feel very grateful that we have a set of tools that are allowing us to continue instruction.”