Here’s how Zoom is fixing all of those security issues

Video conference app Zoom is fixing its security flaws– hopefully in time to restore user confidence.
10 April 2020

Zoom founder Eric Yuan is facing questons about the video-conferencing software’s security features. Source: Kena Betancur/Getty Images/AFP

With social distancing directives in place around the globe, it sometimes feels like everyone has at least attempted to use one videoconferencing software or tool since significant space between us became the new normal. Video con calls aren’t just for corporations keeping up company productivity and communication — a fair amount of friends and family have been logging into online interaction tools to keep in touch with each other, play group games, conduct therapy sessions, organize religious ceremonies, and a lot more.

One of the more popular video conferencing apps is Zoom, which has seen an unprecedented explosion in popularity over the past two months. At the onset of 2020, market research analyst Apptopia reported that Zoom had only about 12.9 million users as of January 1.

By April 6, just three calendar months into the year, Zoom was estimating that its worldwide user count had now surpassed 200 million, a meteoric increase that reflects the similar rise in user counts of conferencing web applications in general, all boosted by the need of communities worldwide to stay in touch for work, support, and recreation.

While most of these apps have experienced exponential growth (Cisco CEO Chuck Robbins said that Cisco’s enterprise conferencing tool, Webex, had enabled over 5.5 billion minutes of meetings in the first 17 days of March alone), Zoom has been making the headlines from the get-go, mainly due to generally high video and streaming quality paired with accessible cost (free for the basic version, with a paid enterprise version that gives you a free trial period).

However in recent weeks, Zoom has been marred by controversy as its tech star rose to nose-bleed heights, and much of this was due to security and privacy concerns. Back when it was used by a comparative handful of individuals, Zoom calls featured little in the way of password protection. With only nine to 11-digit identification codes, it was relatively easy for hackers (and those with too much free time) to punch in a random succession of numbers, turn up an actual video con ID and join a call. Having successfully entered the conversation, they could then ‘bomb’ participants with sensitive and offensive material, bombarding them homophobic, racist, and sexist content.

This phenomenon has become known as ‘Zoom bombings’, and the company has struggled to curtail such activity as the app’s user base scaled rapidly.

According to Zoom CEO Eric Yuan, he and his team are now getting a handle on the security deficiencies, as he told CNN’s Brian Stelter:

“We expanded our service but should have enforced passwords, waiting rooms and other security measures earlier. In the last two weeks, we took actions to fix those missteps. The new user cases are very different from our traditional enterprise customers, where they have IT for support.

“The security is coming into place now, and we need to focus on education for consumers. For example, we’re in the process of working with the New York City School District to understand how to use the security settings, to make sure Zoom bombing does not happen again.”

Since April 5, previously scheduled meetings (including those scheduled via a host’s Personal Meeting ID) will have password protection enabled. If attendees are joining via a meeting link, there will be no change to their experience, gaining access to the call directly. For attendees joining meetings by manually entering a meeting ID number, they will then need to enter a password to access the conference.

For Zoom hosts, the number of participants in their waiting room can be managed within the Manage Participants icon. Selecting the Manage Participants tab enables a full list of meeting participants, with hosts able to admit selected individuals manually by clicking on the blue Admit button, or all at once with the Admit All option on the top right-hand side of the screen.

Zoom has also taken to reminding hosts to regularly reshare the updated meeting invitation link, to invited parties only. Users, on the other hand, can check on their regularly scheduled meetings from the Meetings tab. Additionally, Zoom has exacted new features to secure the virtual ‘waiting room’ environment, which interested parties can learn about by visiting here.

These steps are just the beginning of the road to user recovery for Zoom, with the prevalent sentiment being that these security fixes should go some way to alleviating users’ concerns about the app’s security. Zoom’s end-to-end encryption has yet to be fully sorted, so for the time being, other video con apps in the same virtual space such as Jitsi, Microsoft Teams, Google Hangouts, Zoho, and GoToMeeting might be looking to capitalize on Zoom’s early market dominance