To stop the hijacking wave, Zoom requires passwords for all pre-scheduled meetings and also enables the “Waiting Room” feature during the video conference.
The change will take effect on Sunday when the company’s video conferencing software has become the target of pranksters and racists who have infiltrated the zoom sessions to confuse and harass users without hassle.
The company quietly created a frequently asked questions page about the upcoming change on Thursday. So today, Zoom started sending emails to users about new security enhancements that Techcrunch first noticed.
“If your attendees are joining via a meeting link, there will be no change to their joining experience,” the email said. “For attendees who join meetings by manually entering a Meeting ID, they will need to enter a password to access the meeting.”
The company offers new security settings to primary and professional users with a single license, including K-12 training accounts for those who have the 40-minute meeting limit has been temporarily removed.
The password request may be a response to a report by security journalist Brian Krebs on Thursday about how security researchers created a tool to find zoom meetings without password protection. Because zoom session meeting IDs consist of only 9-11 digits, you can automate the process of randomly testing valid zoom meeting IDs for access.
According to Krebs, the researchers were able to hold nearly 2,400 zoom meetings in a single day of scanning, all of which can be easily hijacked to spy on or harass users.
However, the decision to enable the waiting room feature for all users is likely to make the biggest difference in stopping hijackings. The host must recognize which guests can attend the video meeting. This makes it a practical tool to keep unwanted guests away.
In fact, hijackers learn both meeting IDs and passwords for zoom sessions as people post details on social media or online chats. Shareable URLs for future zoom meetings can also include a password in the link. This makes meeting access easy with a single click, even if the URL falls into the wrong hands.