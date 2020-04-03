According to a new report from security expert Brian Krebs, an automated tool developed by security researchers can find around 100 Zoom meeting IDs in one hour and information for about 2,400 Zoom meetings in a single day of scans.

Security professional Trent Lo and members of SecKC, a Kansas City-based security meeting group, created a program called zWarDial that can automatically guess Zoom meeting identifications, which are between nine and 11 digits, and collect information on those meetings, according to the report. .

In addition to being able to find around 100 meetings per hour, a zWarDial instance can successfully determine a legitimate meeting ID 14 percent of the time, Lo said. Krebs on safety. And as part of the nearly 2,400 upcoming or regular Zoom zWarDial meetings found in a single day of scanning, the program extracted the Zoom link, date and time, meeting organizer, and meeting topic, according to the data shared with Lo Krebs on safety.

The automated conference meeting search engine Zoom & # 39; zWarDial & # 39; Discover ~ 100 meetings per hour that are not password protected. The tool has also prompted Zoom to investigate whether its default password approach could be malfunctioning https://t.co/dXNq6KUYb3 pic.twitter.com/h0vB1Cp9Tb – briankrebs (@briankrebs) April 2, 2020

In January, security researchers at Check Point Research said Zoom had implemented a feature that would block repeated attempts to scan for meeting IDs after their own disclosure of a way to identify valid Zoom meeting IDs. zWarDial bypasses Zoom blocking when routing searches through Tor, Lo told Krebs on safety.

However, zWarDial cannot find meetings that are password protected, according to Lo. By default, Zoom says it password-protects new meetings, instant meetings, and meetings that are accessed by manually entering a meeting ID, so the fact that zWarDial can find as many meeting IDs as possible suggests that many meetings Zoom still don't I don't have a password.

"Zoom strongly recommends that users implement passwords for all of their meetings to ensure that uninvited users cannot join," Zoom said in a statement to The edge. “Passwords for new meetings have been enabled by default since the end of last year, unless account owners or administrators have been excluded. We are investigating unique boundary cases to determine whether, under certain circumstances, users not affiliated with an account owner or administrator may not have enabled passwords by default at the time the change was made. "

If you want to password protect your meetings, you can do it in the Zoom app by going to the "Meetings,quot; tab, clicking the "Edit,quot; button under your personal meeting ID, checking the "Request meeting password,quot; check box "and then enter a password to use in your meetings. The steps are similar in the mobile app.

Zoom use has skyrocketed as more people have come to trust the video conferencing application during the COVID-19 pandemic, but that increased use has highlighted a litany of security and privacy issues with the service.

For example, trolls have been able to make "Zoombomb,quot; calls, a problem with Zoom's "Company Directory,quot; setting could filter emails and photos from users, and Zoom confirmed that The interception that video calls in the application are not end-to-end encrypted as the company claims. To help address these issues, Zoom has announced a 90-day freeze on the release of new features and will focus on fixing privacy and security issues.

Update, April 2, 8:16 p.m. ET: Added a Zoom statement.