After a series of security lapses, Zoom has put a hold on all feature development in favor of beefing up user protections. The lastest changes coming to the app are meeting passwords and waiting rooms being turned on by default. Previously these features had to be enabled by users as developers wanted to make the process of joining meetings as “frictionless” as possible.
However, last week the Federal Bureau of Investigation and one federal prosecutor warned that they had seen an increase in Zoom-bombing incidents. This is where an uninvited user or hacker intrudes on a teleconference to disrupt it. Officials warned that such an act is a federal offense that comes with very harsh penalties, including large fines and prison time.
Seemingly in response, Zoom haas enabled passwords and waiting rooms to keep out unwanted guests. The password feature was already enabled for new and instant meetings, or conferences joined using a meeting ID. The main difference now is that passwords will be turned on for previously scheduled events.
You can see the new changes in this video from Zoom:
Developers have tweaked the process a bit to minimize the steps users have to take to join protected meetings. For example, invites will have a link that includes the password to allow users to get in with one click. However, entering the meeting ID will still require inputting the proper password.
Zoom usage has skyrocketed during the COVID-19 pandemic as people have turned to the free video conferencing service to stay in contact with friends, family, colleagues, and even their yoga teachers. But that increased usage has also made the platform a target for hacks, pranks, and harassment, often through Zoombombing. The issue has become serious enough that federal prosecutors are now warning there could be serious legal implications for Zoombombing perpetrators.
The service’s new default protections may also address other security issues with the platform. It came to light that some security researchers had developed an automated tool that is able to identify 100 non-password-protected Zoom meeting IDs in an hour and scrape information about those meetings perhaps Zoom’s new passwords-by-default policy could prevent similar scanning tools from finding meeting IDs and private information in the future.
