Zoom enacts security and privacy controls to prevent Zoombombing
In our recent article, “What is Zoombombing and how to defend against it”, we explained that Zoombombing is when an unauthorized person or stranger joins a Zoom meeting or chat session and causes disorder by saying offensive things, or even photobombs the meeting by sharing pornographic and hate images.
This has been occurring because most Zoom meetings have a public link that lets anyone who clicks it join the meeting, even though they are not a participant. Zoombombers have been collecting these links, sharing them in private chat groups, and using them to disrupt meetings.
Fortunately, on April 5th, Zoom turned on the password and waiting room features by default for meetings held by users of its free version and those with a single-license version, to help prevent “Zoombombing”.
These changes came right on time, as Trent Lo, a cybersecurity researcher, and members of SecKC, a Kansas City-based security meetup group, developed a program that can automatically scan for Zoom meeting IDs on the Internet. The program, titled “zWarDial”, is able to identify approximately 100 Zoom meeting IDs in an hour and collect nearly 2,400 Zoom meeting IDs in a single day.
Another added benefit of the April 5th change is that previously scheduled Zoom meetings will also have Zoom passwords automatically enabled. Some experts have gone as far as to categorize Zoom as malicious software, or malware, as described in a recent article by The Guardian titled “‘Zoom is malware’: why experts worry about the video conferencing platform”. I personally would not go so far as to describe it as malware, but I do fault Zoom for not following adequate SecSDLC procedures. In addition, as in many applications, there are always deficiencies and bugs that will need to be remediated.
Hopefully these changes will provide the privacy protection needed to keep our events private and safe.
Please share your thoughts below.