Eric Yuan, CEO Zoom, recently announced that the video conferencing service is enacting a 90-day feature freeze to focus on fixing security vulnerabilities. As of April 5, Zoom will be requiring passwords to be entered before a user is added to a meeting, according to Tech Crunch. Moreover, virtual meeting rooms will be turned on by default, giving the host the ability to manually admit attendees into the session. In an email sent to users, Zoom said:
“We’ve chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy.”
These changes are being rolled out in an effort to prevent "zoombombing", in which attackers may spook in and disrupt the session. Recently, there have been reported instances where sessions were disturbed by unidentified individual(s) screen sharing offensive photos, yelling profanities and spamming chat threads.
Yuan recently stated in a blog post that it had not foreseen the spike in the number of users, and Zoom had been initially designed for enterprise users. Now, the service is being increasingly used by millions of people across the globe as they have switched to working from home to curb the spread of COVID-19. However, researchers have recently reported several methods that attackers can use to infiltrate Zoom sessions.