Zoom Rolls Out Security Updates Following Zoombombing and Glaring Security Failures


Zoom, the video conferencing app that’s seen an utterly staggering spike in usage during the coronavirus pandemic, has been the subject of ongoing reporting over its egregious security failures—which include, among other things, misrepresenting its encryption protocols.


As part of its previously announced 90-day plan to fix the issues on its service and beef up its security, Zoom announced Wednesday a series of updates that include support for AES 256-bit GCM encryption as well as features intended to make controlling security aspects of Zoom meetings more intuitive. The Zoom 5.0 update, which is rolling out this week, also introduces the ability to report a user to Zoom and enables the waiting room feature and meeting passwords by default.

Earlier this month, Zoom introduced a security icon so hosts can quickly access tools to limit the way participants on a call can engage—a feature that may help curb so-called Zoombombings. The icon allows a host to do things like lock the meeting, remove participants, and control participants’ ability to share their screens, chat, or rename themselves.

Zoom’s security flaws have led the service to be banned in some classrooms as well as by the U.S. Senate, and have made the company the subject of multiple investigations. Companies like Google have prohibited use of the service, citing cybersecurity concerns. And earlier this month, Zoom was sued by a shareholder who alleged the company misrepresented its security protocols by claiming it supported end-to-end encryption when in fact it supported transport encryption. Zoom has not had an especially great last few weeks, is what I’m saying.

Zoom CPO Oded Gal said in a statement that this week’s changes are meant to help the millions of new users flocking to the service find necessary security tools while using the service.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny,” he said. “I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts.”

These changes are certainly a start, but Zoom CEO Eric S. Yuan said this week the updates are “just the beginning.” Let’s hope so—because the first stab Zoom took at this whole security thing failed spectacularly.



because the first stab Zoom took at this whole security thing failed spectacularly.

You guys need to tone it down and actually speak to the facts that the VAST MAJORITY of issues were all caused by users not Reading the Flipping Manual before rolling out a Video Conferencing service to their environment.

Waiting rooms, passwords, the ability to not allow participants to un-mute or to share screen are ALL FEATURES THAT EXISTED BEFORE COVID19.

Just because the dummies who rolled it out did not train their users on this or make it mandatory for their account does not make it Zoom’s fault.

Yes the end to end encryption bit is on them... but that is not what led to zoom bombings.