Zoom makes common sense safety measures by default after a spate of trolling attacks


Beginning on Sunday, Zoom will begin to require passwords and activate default virtual waiting rooms in an attempt to mitigate the flood of troll attacks that have accompanied its user base of hot air balloons following the Covid-19 pandemic.

The multi-billion pound video messaging platform’s user base grew from 10 million people at the end of last year to more than 200 million in March, reorganizing Zoom from one pillar of the business in a household name as an increasing number of people begin to work remotely and adhere to guidelines on social distancing. And with this success, the company discovers, comes a lot of unwanted attention – especially from teen pranksters who are bored of their minds in self-quarantine.

This has led to so-called “Zoom bombings” in which malicious actors join random video meetings and broadcast graphic porn and violent images. Since Zoom meetings are defined as public and allow any participant to share the default screen, it is easy for any internet hike with a link to hijack a virtual classroom or a city council teleconference with clips disturbing video.

Zoom aims to change that with a multitude of new security measures. In a blog post on Saturday, the company announced that meetings will now have the Zoom waiting room feature activated automatically so that hosts can more easily filter attendees before allowing them to join. This is a standard metric rolled out to all users after Zoom started making the default functionality for virtual classrooms on Tuesday. Although Zoom started making functionality a default setting for its virtual classrooms on Tuesday, it will be rolled out to all users starting on Sunday.

Teleconferences will now also be password protected by default, which includes several stipulations.

“For scheduled meetings, the meeting password can be found in the invitation. For instant meetings, the password will be displayed in the Zoom client. The password can also be found in the meeting participation URL, “the company wrote in an email to users, as noticed by TechCrunch.

More importantly, this means that people who attempt to join manually using a meeting ID – tags that trolls frequently scratch on social media and share for coordinated raids – will also need to enter a corresponding password. It may not completely overwrite “zoom bombing,” as some particularly stubborn hackers may still discover and circulate both a meeting ID and password, but this is a step in the right direction. direction to limit practice.

Zoom is also planning to implement an end-to-end encryption option in the coming months, CEO Eric Yuan recently told The Wall Street Journal – something Zoom previously claimed was until several cryptographers called themselves. bullshit. In the report, he also reaffirmed a public apology released Friday for the security failures.

“I really messed up as CEO, and we need to regain their trust. That kind of thing shouldn’t have happened, “said Yuan.

Zoom’s failure to link its exponential growth with essential cybersecurity measures is not only widely regarded as irresponsible – it has also attracted the attention of several US authorities. Last week, Attorneys General of New York State and Connecticut launched investigations into Zoom’s practices and the FBI issued an official warning regarding the company’s lax security.

Featured photo: Anthony Wallace (Getty Images)


Please enter your comment!
Please enter your name here