Security News > 2020 > April > ‘War Dialing’ Tool Exposes Zoom’s Password Problems

According to data gathered by a new automated Zoom meeting discovery tool dubbed "zWarDial," a crazy number of meetings at major corporations are not being protected by a password.

Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day.

Given the preponderance of Zoom meetings exposed by security and technology companies that ostensibly should know better, KrebsOnSecurity asked Zoom whether its approach of adding passwords by default to all new meetings was actually working as intended.

Dave Kennedy, a security expert and founder of the security consultancy TrustedSec, penned a lengthy thread on Twitter saying while Zoom certainly has had its share of security and privacy goofs, some in the security community are unnecessarily exacerbating an already tough situation for Zoom and the tens of millions of users who rely on it for day-to-day meetings.

SecKC's Lo said organizations using Zoom should avoid posting the Zoom meeting links on social media, and always require a meeting password when possible.

News URL

https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/