Video-conferencing startup models recovery plan on a Microsoft push years ago to boost Windows security
The COVID-19 crisis has given video conferencing app Zoom a huge surge in users, but it’s also highlighted multiple security and privacy issues. Amid reports of Zoom bombers andvideos of chats available online, the firm is now feeling the harsh repercussions of that rapid growth.
It’s led to rivals trying to cash in on Zoom’s misfortunes, with Microsoft promoting the secure credentials of its Teams video calling, and Google publishing a blog pushing its Google Meet video conferencing service.
It is no surprise that people are worried about Zoom’s security, but I have to say the company’s response has so far been impressive. It’s not trying to hide security issues–fixing problems for Mac and Windows users very quickly.
Zoom founder and CEO Eric Yuan has apologized to users, and the firm is now aiming to make the service more secure by default. In other words, users don’t have to try as hard because the security and privacy are built in from the start.
Here are some of the key changes Zoom is making:
More Zoom meeting controls for hosts including a new option called “Security”
Announced on April 8, a recent Zoom change is an option called “Security” that will allow hosts to quickly respond to issues such as Zoom bombing by locking the meeting or removing participants. It will also restrict those taking part in the meeting from sharing their screens or renaming themselves.
The aim of the security icon, which replaces the invite button in the meeting controls, is to make sure everything security related is in one place rather than scatted across the service.
At the same time, the Waiting Room function is now on by default. This means hosts have to manually let their guests into the meeting, helping prevent Zoom bombers from suddenly breaking in.
Another important security update will see passwords turned on by default to ensure that all users properly secure their meetings.
Meeting IDs will no longer be displayed
As the world took to Zoom during the COVID-19 crisis, many people proudly displayed their meetings or chats with friends via social media. But sadly, not everyone obscured their Meeting ID–even the U.K. prime minister Boris Johnson’s Cabinet. It’s a major risk to display your Meeting ID, because it can allow uninvited guests to crash the chat.
For this reason, Zoom will no longer display the Meeting ID on the title toolbar. Instead, the title of all meetings will read “Zoom”, so you can go ahead and post your screen online if you so wish. Just crop the image to avoid showing any other icons on your PC, such as your browser, which could be used by hackers as information to help target you.
Zoom takes on former Facebook CSO Alex Stamos as a security consultant
In a very smart move, Zoom has hired former Facebook CSO Alex Stamos as an outside consultant.
It came after he posted a series of tweets discussing Zoom’s security challenges and detailing how the firm could respond. In a blog, Stamos described how he received a phone call from Zoom’s founder and CEO Eric Yuan, who asked him to help build up the firm’s security and privacy.
No new features to allow Zoom to focus on security, CISO council and bug bounty
Zoom announced just over a week ago that it would freeze all new features immediately to focus on security after it increased its users from 10 million to 200 million in just a few months. During COVID-19, this has been a common practice by software providers already, with Google and Microsoft holding back on Chrome and Edge browser features to focus on security.
In addition, Zoom is launching a “CISO council” to help it overcome security and privacy problems, while it will penetration test its platform and enhance its bug bounty program.
After weeks of security issues, does Zoom deserve a chance?
There’s no doubt Zoom is making multiple moves to try and make its service more secure. Is it too late? Perhaps for some, but I think Zoom also deserves another chance. It’s not as secure as it needs to be yet, so for now I’d advise people to avoid using it for very sensitive meetings such as discussions with your therapist.
But for other uses, such as exercise classes, I’d feel more comfortable that the service is secure. Zoom’s trying to be better, and that’s a lot more than some other companies are doing.