According to a new report published by security expert Brian Krebs, an automated tool is able to find around 100 Zoom meeting IDs in an hour and nearly 2400 Zoom meetings’ information in a solitary day of scans. Security professionals Trent Lo and members of SecKC, a security meetup group based in Kansas City, designed a program called “zWarDial” which can guess Zoom meeting IDs which are nine to eleven digits long. The program is also capable of obtaining information about those meetings.
@briankrebs on Twitter said:
“Automated Zoom conference meeting finder ‘zWarDial’ discovers ~100 meetings per hour that aren’t protected by passwords. The tool also has prompted Zoom to investigate whether its password-by-default approach might be malfunctioning.”
zWarDigital can successfully determine legitimate meeting IDs around 14% of the time. The program was able to extract links to meetings, their date and time, meeting organizer’s info, and meeting topics. In January, researchers at Check Point Research said,
“Zoom had implemented a feature which would block repeated attempts to scan for meeting IDs following their own disclosure of a way to identify valid Zoom IDs.”
However, on the bright side, zWarDigital can not find meetings which are protected by passwords. Zoom claims that it password-protects new, instant and manually entered meetings. The fact that zWarDigital is still able to find over 2400 meetings in a single day, points towards lack of password-protection in several Zoom meetings.
In a statement to The Verge, Zoom strongly encouraged its users to implement passwords for their meetings to ensure that uninvited users are not able to join them.
“Passwords for new meetings have been enabled by default since late last year, unless account owners or admins opted out. We are looking into unique edge cases to determine whether, under certain circumstances, users unaffiliated with an account owner or administrator may not have had passwords switched on by default at the time that change was made.”, Zoom commented.
If you want to password-protect your meetings by yourself, you can do that by following the following simple steps.
- Click on the “Meetings tab”.
- Click the “Edit” button under your personal meeting ID.
Check the “Require meeting password” box and set a password, then save. The steps are similar in the mobile app.Read more:
- Ex-NSA Hacker finds new Zoom flaws in Macs which put webcams, mics, and root access at risk
- Zoom’s best month could also be its worst due to privacy concerns