With the new update from Zoom, admins will have the possibility to disable personal Meeting IDs to stop intruders. As the popularity of video conferencing apps increased, with the lockdown, a Zoom phishing campaign started in April. In fact, the attackers asked recipients to join meetings and threatened them with suspended employment contracts due to the pandemic. The campaign has targeted more than 50.000 people, mainly those using Office 365.
Zoom took steps
So, Zoom had to take steps in order to stop this. With the latest security update, the company decided to give admins the possibility to disable personal Meeting IDs. This feature should be very useful, because improperly secured meeting offer the possibility for anyone to jump in and steel data.
Also, the company acquired Keybase, a startup platform, in order to strengthen its security profile. The new acquisition will implement end-to-end architecture for calls, but only on paid subscriptions.
In order to stay away from intruders, there are a few things to consider. In fact, experts advise any user to update recurring meetings or those that have been scheduled previously using a PMI. Logged-in users will generate public cryptographic identities. Those, are stored in a repository. Then, users can use them to establish trust relationships between attendees.
Moreover, Zoom will not store the encryption keys on its servers. Also, the details of the Keybase cryptographic draft will be published on May 22nd.
At the same tim, Zoom askes users to set a password for every meeting, to disable the option to join, before host, and also enable waiting room. Once they start, users should lock their meeting. The company mentioned that, in order to safeguard their data, users should obey the security rules above.
Zoom became very popular after the lockdown started and faced a huge number of users and meetings. So, attackers became very interested in this platform and Zoom had to face this challenge, on the way.