Zoom will enable passwords and waiting rooms by default to prevent Zoombombing
Zoom is introducing new security and privacy measures by turning on passwords and waiting rooms by default for all meetings. Starting April 5th, it will require passwords to enter meetings, instant meetings or calls via Meeting ID, as these IDs may be guessed or reused. Zoom hosts will also have to admit attendees manually, because the virtual waiting room feature will be turned on by default. According to Zoom, this will help prevent “Zoombombing” attacks, which allow uninvited bad actors to intercept and disrupt Zoom meetings by sharing misinformation, terrible GIFs, hateful messages or even pornographic content.
With the COVID-19 pandemic, people have switched to working from home and usage of Zoom has grown exponentially. But that increased usage has also made the platform a target for hacks, pranks, and harassment, often through Zoombombing. A few days ago, security researcher Matthew Hickey (@HackerFantastic) and Twitter user Mitch (@g0dmode) discovered that the Zoom client converts Windows UNC paths into clickable links when those UNC paths are shared through Zoom chat messages. The real danger of this vulnerability is that when a user clicks on a UNC path link, Windows will attempt to connect to the remote site using the SMB file-sharing protocol, sending the user’s login name and their NTLM password hash in order to open the linked resource. Although Zoom issued a fix for the UNC vulnerability yesterday, experts recommend that Windows users turn off the automatic transmission of NTLM credentials to a remote server in the security policy settings.
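The following is an added example, not Zoom's code and not a description of how Zoom fixed the issue: one way a chat client can avoid the behaviour described above is to linkify only http(s) URLs and leave UNC paths as inert text. It goes slightly beyond the page by also flagging `file://` URLs that name a remote host; the function names and sample messages are constructed for illustration.

```python
import html
import re

# UNC path: \\host\share[\path...]; also accepts the \\?\UNC\host\share long form.
UNC_RE = re.compile(r"\\\\(?:\?\\UNC\\)?([^\s\\/]+)\\[^\s\\/]+(?:\\\S*)?")
# file:// URLs that name a remote host point at the same kind of network location.
FILE_URL_RE = re.compile(r"file://([^\s/]+)/\S+", re.IGNORECASE)
# Allow-list: only these schemes are ever turned into anchors.
WEB_URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample chat messages (hypothetical host names).
SAMPLE_MESSAGES = [
    r"Agenda is at \\fileserver.example\share\agenda.docx",
    "Slides: https://example.com/slides?id=1&p=2",
    "Try file://fileserver.example/share/notes.txt",
    r"Long form: \\?\UNC\fileserver.example\share\x",
]


def find_remote_file_refs(message):
    """Return (kind, host, matched_text) for each UNC path or remote file:// URL."""
    hits = [("unc", m.group(1), m.group(0)) for m in UNC_RE.finditer(message)]
    hits += [("file_url", m.group(1), m.group(0))
             for m in FILE_URL_RE.finditer(message)]
    return hits


def render_chat_message(message):
    """Render a message as HTML: http(s) URLs become links, the rest is escaped text."""
    out, pos = [], 0
    for m in WEB_URL_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="noopener noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for kind, host, text in find_remote_file_refs(msg):
            print(f"not linkified ({kind}, host={host}): {text}")
        print(render_chat_message(msg))
```

The allow-list in `render_chat_message` is what keeps the path unclickable; `find_remote_file_refs` only reports what was seen, for example so the client can log or warn on it.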
Zoom also fixed some of its vulnerabilities, such as the “malware-like” macOS installer. LinkedIn also suspended the Zoom integration that exposed users’ LinkedIn profiles. To improve privacy and security, users can disable file transfer, screen sharing or rejoining by removed attendees. Zoom also recommends resending invites with passwords attached for Meeting ID-based calls scheduled for after April 5th.
Zoom CEO Eric Yuan apologized for the security failures and vowed changes. On the first day of this month, Zoom announced a 90-day freeze on releasing new features so it can focus on fixing privacy and security issues with the platform. On the Zoom blog, the company also explained that “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”