Zoom: Are You Sure That You Are in a Secure Private Meeting?

17 July 2020

We are living in a world where technology has a massive and important use in each one of us. Technologies are changing the way we live and work. With the use of technology, we can connect to any person in any part of the world. We could even have a meeting via the Internet. We have lots of app and software that help us to have a meeting and one of these is the Zoom.

Zoom provides us video conferencing, online meetings, and chat. How are you sure that you are in a secure private meeting?

There was a recent issue that Zoom could have let uninvited people join private meetings.

According to The Hacker News, these people can join an active meeting by entering a unique Meeting ID, without requiring a password or going through the Waiting Rooms. They said that Zoom generates this random meeting ID, comprised of 9, 10, and 11-digit numbers, for each meeting you schedule or create. If leaked beyond an individual or intended group of people, merely knowing Meeting IDs could allow unwelcome guests joining meetings or webinars. But to make Zoom meetings more secure, introduced some additional controls for the password settings. 

Users can now enable passwords on a meeting-by-meeting basis. According to Zoom Help Center, these new settings are:

  • Require a password when scheduling new meetings
  • Require a password for instant meetings
  • Require a password for Personal Meeting ID (PMI) 

And according to The Hacker News, as a result of Check Point’s disclosure, Zoom introduced the following security features and functionalities into its cloud-based video conferencing service:

  • Default Passwords ⁠— Zoom now, by default, automatically generates a six-digit numeric password for each meeting you create that participants need to enter when joining by manually entering the meeting ID.
  • Account and Group Level Password Enforcement — Under new controls, three new password settings are now enforceable at the account, group, and user levels by the account admin.
  • Meeting ID Validation — Zoom will no longer automatically indicate if a meeting ID is valid or invalid, making it harder for automated scripts to determine active meetings. For each connection, the page will load and attempt to join the meeting. Thus, a bad actor will not be able to quickly narrow the pool of meetings to attempt to join.
  • Device blocker — To prevent brute force attacks, repeated attempts to scan for meeting IDs will cause a device to be blocked for some time.

However, the good news is that you can still fix this issue by yourself.

All you need to do is manually disable the setting that allows Zoom to automatically turn your webcam on when joining a meeting.

One of the top priorities of Zoom is its users’ privacy and security.

Zoom continues to provide remote conferencing service and secure its users the best way they can.

You May Also Like