It has been reported that a team of security researchers found they could tap into Webex and Zoom video meetings because many weren’t protected with a code. Researchers programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The vulnerability works because many companies and users don’t protect their meetings with a password, either for convenience or they had not checked their default settings, coupled with a limited pool of meeting IDs. By targeting the platforms’ APIs, they were able to automate the process.
Some rudimentary user education would help people make better choices. For example, when running an online meeting, make sure you can identify all users who have joined. Furthermore, if you expect that any part of the meeting is information you want to keep confidential, use the password feature to protect the meeting from casual intruders. Meeting recordings should be protected with similar vigilance. For example, recording files should not be placed on unauthenticated servers, and any links to streaming recordings should be protected by some form of authentication.