Zoom recently agreed to settle allegations of lax cybersecurity and misrepresentation of the level of encryption provided by its teleconferencing platform with the U.S. Federal Trade Commission (FTC). The settlement required Zoom to implement additional security controls and accurately describe the security features of the platform moving forward, although the company was able to avoid a financial penalty.
Just a few days after the settlement was announced, Zoom has implemented new security features to tackle the problem of Zoombombing. Zoombombing is the name given to uninvited individuals joining private Zoom meetings. During the pandemic, when usership of the Zoom platform soared, there were many cases of individuals gatecrashing private meetings, displaying pornographic images to meeting participants, and hurling abuse and racist slurs.
Zoom has now announced that three new control measures have been implemented to prevent uninvited individuals from joining meetings and, should they succeed, ensure the gatecrashers are quickly ejected from the meeting.
A “Suspend Participant Activities” feature has been added to the platform that allows moderators to stop all activity by a meeting participant and temporarily pause the meeting until the individual is ejected. When a meeting host or co-host clicks the suspend participant activities option, “all video, audio, in-meeting chat, annotation, screen-sharing and recording during that time will stop.” The moderator will also have the option to report that individual and provide context, such as screenshots. When the request is submitted, the individual will be ejected from the meeting and it can be resume. The Zoom Trust & Security team will then follow up via email after the meeting has ended. This feature has been made available to all users – free and paid – and is enabled by default.
A second feature is available to all meeting participants that allows an individual to be reported for being disruptive with the click of a mouse, provided this feature has been enabled for the meeting.
The other feature that has been added is a preventative measure that will help to stop uninvited individuals from gatecrashing private meetings. The new tool, named “At-Risk Meeting Notifier,” is an internal security feature that scans public social media posts to identify shared links to Zoom meetings. These shared links place meetings at risk of being Zoombombed. When a publicly shared meeting is identified, an alert will automatically be sent to the account owner and will offer advice on how to address the issue and secure the meeting.
Prior to the FTC settlement in October, Zoom announced it had started rolling out full end-to-end encryption to ensure meeting content remains private and confidential. This was the first of a four-phase rollout of the new feature. The new encryption feature is not enabled by default and must be set up when the meeting is created.