April 14, 2020 Zoom Security and Privacy Updates

Recent changes to improve the security and privacy of Zoom include the following:

Configure meeting and webinar password requirements

Account owners and admins can now configure minimum meeting password requirements, including a minimum length, requiring letters, numbers, special characters, or only allowing numeric passwords. Past meetings scheduled with passwords will not be impacted. 

Meeting IDs up to 11 digits in length

One-time random meetings IDs for newly scheduled meetings and webinars can now be up to 11 digits long. Your Personal Meeting ID (PMI) will remain the same and already scheduled meetings will not be impacted. 

Password for Cloud Recordings 

We updated password guidelines for hosts when sharing their cloud recordings for meetings and webinars. The default will now be ON and require a complex password to access a shared recording. Existing shared recordings will not be impacted. 

Re-enable Third-party File Sharing

We have restored the functionality to share files from third-party platforms such as Dropbox or OneDrive if configured for their Zoom account, for users on version 4.6.11.

Performance Tuning for Dashboard Data

Fixed performance issues related to missing data and delay on dashboard and reporting. We will continue to make improvements to this area. 

App Version

The app version is accurately reflected in all areas. 

Message Preview Control (Only Applicable to Zoom Chat Users)

Users can enable or disable a setting to show a message preview for chat messages.

Please be advised that additional steps are needed to prompt phone-in Zoom participants for a password - otherwise, anyone with access to the meeting ID can call in. We have not seen incidents of Zoombombing in this manner but wanted to bring it to attention. You can read more about it here: blog.trustedci.org/2020/04/the-extra-zoom-setting-you-may-not-know_8.html

The latest software release can be accessed at: zoom.us/download. You can also update from within your Zoom application.

If you’d like to keep an eye on the latest Zoom CVEs, visit the National Vulnerability Database. The UCSB Information Security team will continue to notify staff of any issues concerning Zoom. Please tell Information Security you have suggestions or needs that are not being met with these messages.

Information Security monitors the Zoom blog, but feel free to check it yourself at blog.zoom.us/.

Contact security@ucsb.edu if you have any questions or concerns.