Zoom, the video conferencing app that’s seen an utterly staggering spike in usage during the coronavirus pandemic, has been the subject of ongoing reporting over its egregious security failures—which include, among other things, misrepresenting its encryption protocols.
As part of its previously announced 90-day plan to fix the issues on its service and beef up its security, Zoom announced on April 22 a series of updates that include support for AES 256-bit GCM encryption as well as features intended to make controlling security aspects of Zoom meetings more intuitive. The Zoom 5.0 update, which is rolling out this week, also introduces the ability to report a user to Zoom and enables the waiting room feature and meeting passwords by default.
Earlier this month, Zoom introduced a security icon so hosts can quickly access tools to limit the way participants on a call can engage—a feature that may help curb so-called Zoombombings. The icon allows a host to do things like lock the meeting, remove participants, and control participants’ ability to share their screens, chat, or rename themselves.
Zoom’s security flaws have led the service to be banned in some classrooms as well as by the U.S. Senate, and have made the company the subject of multiple investigations. Companies like Google have prohibited use of the service, citing cybersecurity concerns. And earlier this month, Zoom was sued by a shareholder who alleged the company misrepresented its security protocols by claiming it supported end-to-end encryption when in fact it supported transport encryption. Zoom has not had an especially great last few weeks, is what I’m saying.
Zoom CPO Oded Gal said in a statement that this week’s changes are meant to help the millions of new users flocking to the service find necessary security tools while using the service.
“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny,” he said. “I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and centre for our meeting hosts.”
These changes are certainly a start, but Zoom CEO Eric S. Yuan said this week the updates are “just the beginning.” Let’s hope so—because the first stab Zoom took at this whole security thing failed spectacularly.