Zoom meeting app rose to fame in the age of social distancing, as users all over the world were asked to stay at home and be safe during the COVID-19 pandemic. The app allows a large number of people to conduct a video conference, which is why it’s become a popular choice among businesses, politicians, and even educational institutions. Now, a new report suggests that recorded videos on Zoom may have been leaked online revealing personal information and private conversations. Furthermore, with the rise in these video calls, hacking and pranking cases have also seen a spike. A word called ‘Zoombombing’ has also been coined for those who invade private or public calls without consent. The rise in Zoombombing has forced federal prosecutors to take legal action against these pranksters. Because of these lapses, Zoom has also introduced new security and privacy measures to prevent Zoombombing and leaking of recorded videos.
The Zoom meeting app has announced that starting Sunday, April 5, it will enable the Waiting Room feature and two meeting password setting for all Basic and Pro users. It has enabled two password settings by default – one that requires a password for Personal Meeting ID (PMI) and one that require a password for meetings which have already been scheduled. This means that if you sent a meeting invitation before this password setting was enabled, you will need to send it out again or send the invitees the password to join. These new settings have been enabled to prevent unwanted participations from joining in.
Zoom notes, ‘For scheduled meetings, the meeting password will be in the invitation. For instant meetings, the password will be displayed in the Zoom Client. The password is also included in the meeting join URL.’ As mentioned, there’s also the new virtual Waiting Room feature that will ask the host to approve joining of every member, even after the password authentication is completed. Admins can approve joining of each participant individually or accept all participants at once. This feature is enabled by default moving forward, and users will have to disable it manually if they don’t wish to use it. The idea is to add another level of security for preventing unnecessary hacks.
As the cases of Zoombombing rise, the US Department of Justice for the Eastern District of Michigan has issued a warning that all hackers can be charged with state or federal crimes. Charges may include disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment.
The department has issued some best practices for users as well. This includes not making meetings or classrooms public, not sharing link to a teleconference or classroom on an unrestricted publicly available social media post, but instead provide the link directly to specific people. The department also advices keeping the screensharing options to ‘Host Only’.
A report in The Washington Post also seems to suggest that thousands of personal Zoom videos are available online openly. These exposed videos include one-on-one therapy sessions; a training orientation for workers doing telehealth calls, and even small-business meetings that included private company financial statements. The report states that some of these videos appear to have been recorded through Zoom’s software and saved onto separate online storage space without a password. Easy discoverability of these videos is mainly because Zoom names its saved videos in an identical manner, and doesn’t enforce unique names for each videos. “Should hosts choose to upload their meeting recordings anywhere else, we urge them to use extreme caution and be transparent with meeting participants, giving careful consideration to whether the meeting contains sensitive information and to participants’ reasonable expectations,” Zoom told the publication.