Password Protect Your Zoom Meeting To Avoid Being Found
The security expert Brian Krebs said that an automated tool found around 100 Zoom meeting IDs in an hour and info for nearly 2,400 Zoom meetings in a single day of scan.
A Kansas City-based security meetup group led by security professional Trent Lo and members of SecKC developed a program called zWarDial that can automatically guess 9 to 11-digit long Zoom meeting IDs and draw info about those meetings.
zWarDial automated tool
This tool can find around 100 meetings per hour. It can successfully determine a legitimate meeting ID 14% of time. Also, the program extracted critical info like date and time, meeting organizer and topic of a meeting after scanning nearly 2,400 upcoming or recurring Zoom meetings in a single day.
In January, Zoom implemented a feature that would block repeated attempts to scan for meetings but zWarDialroutes searches through Tor to avoid Zoom’s blocking. But the program can’t find meetings that are password protected.
Zoom encourages users to make passwords
Zoom said in a statement that it strongly encouraged users to implement passwords. The statement further read that passwords for new meetings had been enabled by default since last year, but users were provided the option to opt out of the passwords.
Users can password protect their meetings by enabling the option under the “Meetings” tab in the app and clicking the “Edit” button under their personal meeting ID. They will require checking the “Require meeting password” checkbox and then entering passwords to use for their meetings.