Zoom Security: WarDialing and ZoomBombing

As more teams move to working from home, video conferences are exploding in popularity. This brings about new security risks, especially for Zoom users.

"The incidence of ZoomBombing has skyrocketed over the past few weeks, even prompting an alert by the FBI on how to secure meetings against eavesdroppers and mischief-makers."

You've been ZoomBombed when an uninvited guest joins your Zoom conference. Hackers have gotten very creative in their ZoomBombing, and this can lead to enormous privacy and safety concerns.

"One day’s worth of zWarDial scanning revealed information about nearly 2,400 upcoming or recurring Zoom meetings."

With very little effort, attackers are using zWarDial to find and join unprotected Zoom calls.

“Having a password enabled on the meeting is the only thing that defeats [zWarDial]."

So how do you protect your information and people on Zoom conferences?

  • Do not post meeting links on social media
  • Require a password to enter your conference
  • Enable Waiting Room feature and require host approval of all guests

With all the new security issues faced by WFH teams, we are offering our "Security at Home" course for free here.

Give it a try and let us know how we can help your team! - Contact us here!

Original article here.
[https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/]