Zoom has introduced new security features to its video conferencing software to prevent Zoombombing.
The first function Zoom has added is the equivalent of an emergency brake for a call. This allows hosts and co-hosts to pause all the activity in a session, including chat, video, and audio. This allows them to stop the broadcast of illicit material while they take action to deal with any intruders.
Unwanted participants can be reported to Zoom’s Trust & Safety team and automatically kicked from the call.
Once the intruder has been removed, the hosts will be able to restart certain portions of the call, keeping other functions down if necessary, to ensure the distribution of unwanted material remains shut down.
Zoom has also enabled the Suspend Participant Activities feature by default for both free and paid users.
In addition, Zoom has added a new function that assesses and warns users of potential Zoombombing. The At Risk Meeting Notifier function scans social media and other public websites for links to the meeting and suspicious hashtags to discover whether the meeting may be targeted for an attack.
The admins are then notified via email with advice on how to proceed with the call.
“These steps could include deleting the vulnerable meeting and creating a new one with a new meeting ID, enabling security settings, or using another Zoom solution, like Zoom Video Webinars or OnZoom,” the company said in a statement.
“If you do get an email, it’s critical to take action or risk having your meeting disrupted.”
The features are set to be rolled out later this year in version 5.4.3 of Zoom’s desktop and mobile apps. They will be enabled by default for all free and paid users.
Since the start of the pandemic, Zoom has become the go-to tool for remote workers, as well as for physically distanced social gatherings, and for mass public events, such as conferences and workshops.
However, publicly accessible events have been interrupted by so-called Zoombombers –intruders who access Zoom sessions and post inappropriate material to disrupt the event.
While password protection provides one layer of security, should the password be leaked, Zoombombers can access a call, where they post content ranging from obscene, to hateful, to criminal.
The increased reliance on Zoom by education during the pandemic has made schools and universities particularly vulnerable to Zoombombing, with students accused of being behind leaked passwords.
- Data Protection Summit 2020 | The biggest ICO fines ever issued
- Leader Insights | Flexibility and security with Alan Smillie, Softworx
- Russian and North Korean hackers ramp up vaccine research attacks
Zoom’s ubiquity during the coronavirus pandemic has brought it under additional scrutiny. The company was previously criticised for its lack of end-to-end encryption on free calls, meaning messages could potentially be read, either by authorities or cyberattackers.
Pressure increased this month for the company to increase security over claims by the US Federal Trade Commission that the company lied about the level of encryption it provided.
The company purchased secure messaging service Keybase in May to help it rollout scalable end-to-end encryption across all its services. This was finally rolled out at the end of October, though it came at the expense of certain functions, including cloud recording, live transcription, or being able to join the call by phone.