Zoom, which on Friday stopped development of new product features so it could focus on fixing various privacy and security issues, clamped down even further on security weaknesses over the weekend.

The company on Saturday switched on default password settings and waiting rooms for users of its Free Basic tier and those with a single account on its cheapest paid tier, such as K-12 eduction accounts. All meetings that use a Personal Meeting ID (PMI) will now need a password, and password settings that had been disabled will be re-enabled. As a result, passwords will be required for instant meetings, for participants joining by phone and when a new meeting is scheduled.

Zoom CEO Eric Yuan acknowledged in an interview with CNN on Monday that the company “moved too fast” as the COVID-19 crisis unfolded and should have enforced tighter security to protect users.

The company has seen a surge in the use of its platform in recent weeks, as self isolation in response to the pandemic ramped up the demand for video software. As its popularity has boomed — both for business and personal use — and the company’s stock price rocketed, underlying vulnerabilities in the platform have become apparent.

Referring to the latest security changes, Zoom said schools using its software will have the new password settings locked permanently, while others with free accounts, or paid accounts with a single licensed user, can remove the requirements if the want.
(Zoom’s waiting room feature has also been enabled by default to let hosts vet participants before letting them in to a meeting.)

“Zoom-bombing,” where intruders have been able to access video meetings that were not password protected, has led to serious privacy concerns, with uninvited attendees harassing online A.A. meetings and church meetings, for example. The FBI last week warned of unauthorized access to virtual classrooms and recommended that users change security settings to protect meetings. 

Copyright © 2020 IDG Communications, Inc.

Source Article