Zoom is making some changes as from April 5 to help prevent rampant abuse of the platform. This move comes after trolls attack publicly shared video calls. Now, you will require passwords to enter calls using Meeting ID, as these may be reused or guessed. Meanwhile, the platform will make a change on virtual waiting rooms and make them be on default so hosts can manually add their attendees.
These changes could help prevent “Zoombombing”, a term that was coined about 14 days ago to describe malicious activities by some people entering Zoom calls and screensharing offensive imagery.
New Zoombombing has, however, emerged. They include using virtual backgrounds to spread hateful messages, spamming chats with terrible GIFs, or screaming slurs and profanities.
The FBI issued a stern warning about this Zoombombing problem after children online classes, private business calls, and anonymous alcoholic meetings were invaded by the trolls. Research shows that there are so many ways that attackers can infiltrate calls.
The problem stem is, Zoom was designed for trusted enterprises use cases than for roundtable discussions, yoga classes, and cocktail hours. But with the platform struggling to scale its infrastructure as its users have shot from about 10 million daily to about 200 million users daily over the past one month due to the coronavirus outbreak caught Zoom off guard.
Eric Yuan, the CEO, has apologized for these security failures over last week and vowed to make changes. But at that time, the CEO barely mentioned that they would default to making screensharing host-only as well as keeping waiting rooms on for K-12 education users. Now, waiting rooms are by default for every user.
Zoom communicated the changes to all its users via email. The email explained that they have decided to enable password on meetings as well as turn on waiting rooms by default as an improvement of their security and protect their privacy.
The company also explained that for the meeting that will be held moving forward, that meeting password could be found in the invitation. For instant meetings, the security password will be arrayed in the Zoom client. The password can also be found on the meeting URL. Other precaution the users can use include rejoining removed attendees, disabling file transfer, and screensharing removed attendees.
This shift may cause some hassle to the users, but it is a reasonable price to pay for improved privacy and scarring away Zoombombing attacks. This is a clear sign that technologists need to get better at anticipating the worst-case scenario, though.