The increased remote working footprint and reliance on Zoom have led to a wave of mischief makers dropping in uninvited on insecure Zoom meetings to play offensive material, such as pornography, via Zoom’s screen-sharing feature. They are also verbally insulting and threatening meeting participants using profane or racist language. These acts, dubbed “Zoom-bombing,” have steadily increased over the last few months. Zoom has also received scrutiny from the security community concerning the data collection and privacy implications of using the application.
Following these mounting security concerns, Zoom released version 4.6.9 of its Windows and macOS clients to address several of the flaws reported over the last few weeks. Eric Yuan, Zoom’s Chief Executive Officer, published a blog post discussing several of the privacy and security issues raised about Zoom over the last several weeks and how the company has addressed them.
In a full analysis by Tenable, the company proposes the following solution:
- When creating Zoom meeting rooms, do not make them public.
- When configuring a meeting, opt for Zoom to create a randomly generated ID, rather than checking the personal meeting ID option.
- Set meetings to private and be sure to require a password.
- Disable the “Join before host” option to prevent potential trouble before hosts arrive at the meeting, assign a co-host to help moderate the meeting, and enable the Waiting Room to view attendees before the meeting commences.
- Additional precautions include disabling the “Allow removed participants to rejoin” and file transfer options.
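An administrator can turn the checklist above into a repeatable audit over exported meeting records. The following is an added example, not code from Tenable or Zoom; the setting names and sample records are hypothetical and do not follow Zoom's API schema.

```python
# Added example. Field names are hypothetical, not Zoom's API schema.
# Each rule: (setting key, value the checklist calls for, finding text).
RULES = [
    ("public_listing", False, "meeting is publicly listed"),
    ("uses_personal_meeting_id", False, "personal meeting ID used instead of a random ID"),
    ("password_required", True, "no password required"),
    ("join_before_host", False, "join before host is enabled"),
    ("waiting_room", True, "Waiting Room is disabled"),
    ("co_host_assigned", True, "no co-host assigned"),
    ("removed_participants_can_rejoin", False, "removed participants can rejoin"),
    ("file_transfer", False, "file transfer is enabled"),
]


def audit_meeting(settings):
    """Return the list of findings for one meeting's settings dict.

    A missing key counts as a finding (fail closed): a record that omits
    a setting gives no evidence that the safe value is in place.
    """
    findings = []
    for key, wanted, message in RULES:
        if key not in settings:
            findings.append(f"{key}: not present in record, treat as unsafe")
        elif settings[key] is not wanted:
            findings.append(f"{key}: {message}")
    return findings


def audit_all(meetings):
    """Map meeting topic -> findings, keeping only meetings with findings."""
    report = {}
    for meeting in meetings:
        found = audit_meeting(meeting.get("settings", {}))
        if found:
            report[meeting.get("topic", "<untitled>")] = found
    return report


# Constructed sample records: one hardened meeting, one weak meeting.
HARDENED = {key: wanted for key, wanted, _ in RULES}
WEAK = {**HARDENED, "uses_personal_meeting_id": True,
        "password_required": False, "join_before_host": True}
del WEAK["waiting_room"]  # simulate a record that omits the setting
SAMPLE_MEETINGS = [
    {"topic": "Weekly staff sync", "settings": dict(HARDENED)},
    {"topic": "Open town hall", "settings": WEAK},
]

if __name__ == "__main__":
    for topic, findings in audit_all(SAMPLE_MEETINGS).items():
        print(topic, *findings, sep="\n  - ")
```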