Videoconferencing app Zoom has been under fire recently due to security risks users have been facing within the app.  We posted a story last week that referenced a security flaw that allowed hackers to provide Zoom users with a link that would, if clicked on, provide the threat actors with the targeted users Windows credentials.  With all of the criticism the app has been hit with lately, they’ve made a few very important updates that help provide security when using the software.

In an update that occurred on April 5, Zoom meetings will now be automatically password protected, and will also have a “waiting room”. In order to take part in a meeting on Zoom, users will now have to enter a password to join, even if the users has the meeting ID. Users who have been sent a link by the meeting host will not have to enter a password. Once you’ve entered the meeting you’ll be placed in a waiting room that will allow the host of the meeting to select who can and cannot attend the meeting. The waiting room will allow hosts to dismiss users who they do not know, or users who should not be attending that meeting. 

Prior to these new security measures, one popular technique called “Zoombombing” would allow disruptors to interrupt meetings without warning.  To “Zoombomb”, all someone would have to do is find the meeting ID, use it to enter a meeting that was already in-progress, and then disrupt it. With the addition of a waiting room, these interruptions should no longer happen.

Password protection and waiting rooms were features that were available already to users of the video conferencing software, however they were not automatically turned on.

Although Zoom has taken these steps to help improve security, it should be noted that there is still a lot left to be done. For instance, the app has been mining data from users’ computers. Also, meeting are not fully encrypted which leaves any conversation regarding private matters potentially open to the public.

Story via Mashable