Zoom will enable meeting passwords and virtual waiting rooms by default to help stop 'Zoombombing' incidents (ZM)
Zoom is improving the security settings on its app, after facing backlash from users. Starting April 5, Zoom will require passwords if a user tries to enter a meeting using just the meeting ID instead of the meeting invite link. It will also turn virtual waiting rooms on by default, so the meeting host will have to manually allow others to join the meeting. These changes are meant to prevent trolls or hackers from entering Zoom calls to share indecent messages or harass users — incidents called "Zoombombing." The new security enhancements come after Zoom CEO Eric Yuan apologized for the many privacy and security issues users found with the app and said the company will take steps to address it. Visit Business Insider's homepage for more stories.
Zoom is taking steps to make its app more secure, after facing backlash from users about the privacy and security settings of its product. Starting April 5, Zoom will require passwords if a user tries to enter a meeting using just the meeting ID instead of the meeting invite link. It will also make virtual waiting rooms on by default, so the meeting host had to manually allow others to join the meeting. These two changes will apply to free users and people who have personally upgraded their account to the first level of a paid plan. "We're always striving to deliver our users a secure virtual meeting environment. Effective April 5, we are enabling passwords and virtual waiting rooms by default for our Free Basic and Single Pro users. We strongly encourage all users to implement passwords for all of their meetings," Zoom said in a statement. This comes after so-called "Zoombombing" incidents, where hackers or trolls will enter random Zoom calls to share indecent messages or other spam, became a frequent occurrence. Zoombombing affected online classes, corporate gatherings, and even virtual Alcoholics Anonymous meetings. In an email sent to users on Friday the company said: "we've chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy." It also said previously scheduled meetings will have passwords enabled as well. The company also explained how to find meeting passwords. "For meetings scheduled moving forward, the meeting password can be found in the invitation. For instant meetings, the password will be displayed in the Zoom client. The password can also be found in the meeting join URL," the email to users said. Zoombombing is a big issue The new security enhancements come after Zoom CEO Eric Yuan apologized for the many privacy and security issues users found with the app and said the company will take steps to address it. One of those steps is stopping the implementation of any new features so the company can focus on solving existing privacy and security concerns. The rise of Zoombombing prompted the FBI to warn users about the problem earlier this week, and the New York Attorney General to send a letter to Zoom asking what new security measures the company has put in place, if any, to protect user privacy amid its huge surge in usage. The problem stems from the fact that anyone can join any open Zoom call if they find the meeting ID. Hackers have come up with tools to create giant lists of random meeting IDs, giving them a wide set of calls to crash in on, without knowing what they're walking into. The only ways to prevent it are to put a password on the meeting, or to use a virtual waiting room so the host can vet those who are joining. Yuan has said that its privacy struggles are rooted in the fact that it was originally intended for businesses, not consumers. But with shelter-in-place and social distancing mandates across the globe to help stop the spread of coronavirus, Zoom's user base has grown exponentially — 200 million daily free and paying users in March, up from 10 million at the end of December. Got a tip? Contact this reporter via email at email@example.com or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.Join the conversation about this story » NOW WATCH: Why electric planes haven't taken off yet
More like this (3)
Zoom security advisor Alex Stamos explains how the acquisition of Keybase will help the red-hot videoconferencing app address its 'unique' challenges in adding end-to-end encryption (ZM)
On Thursday, Zoom announced the acquisition of Keybase, a secure messaging and file sharing service, to...On Thursday, Zoom announced the acquisition of Keybase, a secure messaging and file sharing service, to help get the talent and technology to shore up the security and privacy of its app. Alex Stamos, the former Facebook security chief who's also a security advisor to Zoom CEO Eric Yuan, said that the acquisition of Keybase was a necessary step to move quickly in addressing Zoom's well-documented security issues. Stamos praised Keybase as having the right expertise to build user-friendly apps that are also safe and secure — something that's very important to Zoom, he says. Even once Zoom's current privacy woes are over, Stamos says that having Keybase's talent on hand will help the company address future privacy and security issues. Stamos didn't comment on whether this means more cybersecurity acquisitions are in the works at Zoom, but analysts we spoke to say it could be a good idea. Click here to read more stories from BI Prime. Zoom on Thursday announced its first acquisition, bringing on Keybase, a secure messaging and file sharing service. The company says that it's all a part of the 90-day plan it announced in April to shore up the security and privacy of its app after its meteoric rise to mainstream success came with its share of controversy. A big part of that plan is building end-to-end encryption into the Zoom videoconferencing app itself — a security feature that Zoom had long billed itself as already having, before it came out in April that its marketing had been misleading. Alex Stamos, a security advisor to Zoom CEO Eric Yuan who's best known as the former chief security officer of Facebook, said that this acquisition was the right move as a next step in that 90-day plan. Keybase brings Zoom the right talent and technology to tackle the considerable challenge of adding end-to-end encryption at the scale required. Apple's FaceTime, just as an example, has end-to-end encryption — but each call can only hold 32 people at a time. A Zoom meeting, however, can hold up to 1,000 people in a single meeting, and up to 50,000 in a webinar. That's coupled with the fact that you don't need a Zoom account to join a Zoom call. Stamos said that this makes encryption a unique challenge for Zoom. Stamos said that Zoom executives realized the quickest way to build it was to find an existing team who had the right team and technologies, but also a focus on building user-friendly products. "That was clear with Keybase, they built a very secure product that's also shockingly usable," Stamos told Business Insider. "There's lots of smart cryptographers in academia, but they've never had to actually ship something that people have to use, so finding a team that has, it was, you know, allowed us to really accelerate the process." To that point, Stamos says that Zoom not only has to improve the security of its platform, but also has to make sure it does it in a way that doesn't confuse users or make the app harder to use. That's why Keybase and its user-friendly design team was so desirable. How the Keybase acquisition fits into Zoom's 90-day plan Even once the 90-day plan is in the rear-view mirror, Stamos said, Keybase gives Zoom a leg up with addressing future security problems. The work itself is "never over," Stamos said. "But the goal is by the end of the 90 days to have a team that is staffed up and organized in a way that makes sense for the importance of the company now." Stamos anticipates that the pandemic will last for a while longer, and so too will Zoom's newfound popularity with consumers. With that in mind, Zoom has to think beyond its original purpose of serving business customers, and consider all the new security and privacy issues that can pop up. That's why some of Keybase will form the core of a new security engineering team at Zoom. Zoom is also expanding its trust and safety team to include engineers and product managers, the same way that consumer technology companies like Stamos' former employers at Facebook have done. It's also doubling down on initiatives like searching for stolen Zoom credentials on the dark web to inform users — again, something consumer tech companies do. It's a proactive step, Stamos says: The threats that Zoom faces are relatively small compared to those seen by larger companies. But as usage of Zoom continues to surge, the problems will only get worse. It's doing this reorganization by hiring rapidly, Stamos said, and now aided by acquiring Keybase's engineers as well. Stamos didn't comment on if Zoom would look to do more acquisitions to get key technology and talent as it seeks to improve its privacy and security. Analysts say the Keybase deal could open the door to more acquisitions Analysts who follow Zoom said it would make sense for the company to acquire more startups like Keybase to add the necessary technology and talent it needs as part of this process. "I wouldn't be surprised if Zoom made more of these tuck-in acquisitions, especially as it pertains to security and privacy," Rishi Jaluria, an analyst at D.A. Davidson, told Business Insider. "I would expect this would lean towards smaller companies where Zoom is buying the company for the technology and the talent, not for revenue or actual products." Dan Newman, an analyst at Futurum Research, agreed, and said that given the fact that the current economic climate has driven prices down on a lot of companies, this is an opportune time to be looking for new technology. "I think it would be intelligent to be out shopping for some key technologies that might enhance the company's security, increase its support, improve the customer and user experience," Newman told Business Insider. He adds that the Keybase acquisition if it integrates the technology well, could be a huge benefit to Zoom going forward and give it much more credibility with its business users. Got a tip? Contact this reporter via email at firstname.lastname@example.org or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.Join the conversation about this story » NOW WATCH: What makes 'Parasite' so shocking is the twist that happens in a 10-minute sequence
The NYC Department of Education is reversing its ban on Zoom after the company addresses its security and privacy concerns (ZM)
New York City schools are once again allowed to use Zoom for online learning, after the...New York City schools are once again allowed to use Zoom for online learning, after the district banned the red-hot videoconferencing app in early April. Zoom made several fixes to address the NYC Department of Education's concerns about privacy and security for students and teachers using the tool, city officials told Chalkbeat. Schools and students will now have access to Zoom through a central NYC Department of Education account with the necessary privacy and security features automatically enabled, according to a letter from NYC Department of Education Chancellor Richard A. Carranza to families. Zoom CEO Eric Yuan told Business Insider in April that he was working with the New York City school district to create a comprehensive, district-wide plan to use Zoom and address the district's concerns. Visit Business Insider's homepage for more stories. New York City schools are once again allowed to use Zoom for online learning, the videoconferencing company and NYC Department of Education both said on Wednesday. The school district banned the use of Zoom for online education on April 4 over privacy and security concerns involved in using the app. Zoom agreed to make some changes to address the city's concerns about privacy and security for students and teachers using the tool, education department officials told Chalkbeat. According to a letter from NYC Department of Education Chancellor Richard A. Carranza to families, schools and students will now have access to a central NYC Department of Education Zoom account with specific data encryption and storage settings that the district requested Zoom implement for all its users. "Our new agreement with Zoom will give your children another way to connect with their schools, teachers and school staff. We are excited to be able to have another safe and secure option for school communities to use during this unprecedented time," Carranza said in the letter. There are also new settings to make sure only NYC Department of Education-approved participants and guests can join virtual classrooms, as well as additional controls over each meeting for hosts. Those settings seem designed to discourage "Zoombombing," where pranksters and trolls crash Zoom meetings and display pornography or other indecent material to other participants. Zoom CEO Eric Yuan told Business Insider in April that he was working with the New York City school district to create a comprehensive, district-wide plan to use Zoom that will make sure there are overarching security settings baked into every teacher and student's account. "We are proud that the New York City Department of Education has made Zoom available as an approved home-based learning platform to educators and staff across the city for secure and frictionless remote education to the city's over 1.1 million students," Yuan said in a statement provided to Business Insider on Wednesday. "We look forward to continued partnership with the DOE and service to the educators and students in New York." Why NYC banned Zoom in the first place New York City schools started remote learning on March 23, with many teachers turning to Zoom because it was simple to set up and start using. Zoom lifted the 40 minute time limit for K-12 schools in countries affected by the pandemic beginning in early March. However, Zoombombing concerns led the New York City Department of Education to ban Zoom entirely in early April. These concerns prompted warnings from the FBI and demands for increased user privacy from the New York Attorney General. After Zoom was banned, the department directed teachers to use alternative tools like Microsoft Teams and Google Classroom. However, not all were happy about this move: It disrupted the learning process, as teachers had to figure out a brand-new tool while already under the pressures of shifting to remote education. Schools can continue using Google Classroom or Microsoft Teams if they prefer. Some teachers posted on Twitter to say they were happy to be able to use Zoom again. And just like that...Zoom is back! Thank you to @nycschools for the return to a great learning platform! #everylearnereveryday #leadersinourlearning pic.twitter.com/PIYNezrq7U — P.S. 304 The Early Childhood Lab School (@PS304X) May 6, 2020 When you find out @NYCSchools can use @zoom_us again! pic.twitter.com/QjT8pyhAaf — Miguel Negron (@AP_Negron) May 6, 2020 Zoom has implemented several changes in the last month to improve the privacy and security of its tool. This includes turning passwords and virtual waiting rooms on by default for free users and K-12 education accounts. Got a tip? Contact this reporter via email at email@example.com or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.Join the conversation about this story » NOW WATCH: Pathologists debunk 13 coronavirus myths
Covid-19 has forced millions into the unfamiliar world of the home office, where new security threats...Covid-19 has forced millions into the unfamiliar world of the home office, where new security threats loom. Here’s how to protect yourself and colleaguesBusinesses are used to being prepared for a disaster and most will have had a well-rehearsed continuity plan in place in case one struck. But even the best plan couldn’t have effectively anticipated the wholesale overnight shift to home working that Covid-19 has caused.“As a result,” Morgan Wright, chief security adviser at cybersecurity firm SentinelOne says, “issues of privacy, collaboration, access and compliance have highlighted weakness in policies and gaps in security.” One of the problems is that even at many larger companies, being caught on the hop by the lockdown has meant that individual departments have been left to find their own ways to work collaboratively. Continue reading...