How to prevent ghost microphone or room bombing phenomena in audio and video interaction?
Overview
"Ghost microphone" refers to users who are not on the microphone speaking in an audio and video room. "Room bombing" refers to users deliberately disrupting the order of an audio and video room by using ghost microphone, which destroys normal audio and video interaction between users.
Common Phenomena
Common ghost microphone/room bombing phenomena include:
- Illegal users exploit a long Token validity period configured for an AppID, hijack the AppID, UserID, RoomID, and Token, and log in repeatedly.
- After logging into the room illegally, these users create noise, continuously send non-compliant audio and video content, and disrupt the order of chat or interaction.
- Illegal users hijack signal messages sent by the developer's backend, disrupt microphone operations such as muting/unmuting users in the room, and prevent clients from obtaining microphone information.
- Due to business vulnerabilities, the actual speaking situation in the audio and video room does not match the microphone information displayed on the client, resulting in unknown users speaking.
Common Scenarios
Ghost microphone/room bombing phenomena often occur in the following scenarios:
- Multi-person connection calls
- Online KTV
- Voice chat rooms
Prevention Measures
Developers can prevent ghost microphone/room bombing phenomena caused by business vulnerabilities by using Token correctly and enhancing security. The following settings are for reference on Native platforms only, mainly iOS, Android, macOS, and Windows:
- Always generate the Token on the server side, and keep the AppID and ServerSecret confidential. Do not disclose them to the public.
- Measure the average time users stay online in the room and set the Token's validity parameter effectiveTimeInSeconds based on this time. After the Token expires, illegal users can no longer use it to log into the room repeatedly.
- Register the onRoomTokenWillExpire callback to monitor Token expiration events. When this callback is received, the client requests the server to generate a new Token, and then calls renewToken to pass the newly generated Token to the SDK.
For related implementation, please refer to Using Token Authentication.
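The following sketch is an added example, not ZEGO's token format or SDK code. It uses a generic HMAC-signed token to show why a validity period sized to the average session limits replay of a hijacked Token, and why the Token should be bound to one AppID, UserID, and RoomID. All function names and the secret are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed placeholder; the real ServerSecret stays on the server only.
SERVER_SECRET = b"constructed-demo-secret"

def ttl_from_sessions(session_seconds, floor=60, ceiling=3600):
    """Derive effectiveTimeInSeconds from observed time-in-room, clamped."""
    avg = sum(session_seconds) / len(session_seconds)
    return int(min(max(avg, floor), ceiling))

def issue_token(app_id, user_id, room_id, effective_time_in_seconds, now=None):
    """Server side: sign the identity, the room and the expiry together."""
    now = int(time.time()) if now is None else now
    claims = {"app_id": app_id, "user_id": user_id, "room_id": room_id,
              "expire": now + effective_time_in_seconds}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "." +
            base64.urlsafe_b64encode(sig).decode())

def verify_token(token, app_id, user_id, room_id, now=None):
    """Login check: returns 'ok' or the reason the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong part count or invalid base64
        return "malformed"
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad_signature"
    claims = json.loads(payload)
    bound = (claims["app_id"], claims["user_id"], claims["room_id"])
    if bound != (app_id, user_id, room_id):
        return "wrong_binding"  # token replayed for another user or room
    if now >= claims["expire"]:
        return "expired"        # captured token replayed after its lifetime
    return "ok"
```

A client that receives the expiry warning asks the server to call `issue_token` again, so legitimate users stay in the room while a captured token stops working once its lifetime ends.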
