sb-nz logo
Story image

Zoom announces new updates in response to privacy criticisms

After much criticism over its privacy and security policies, Zoom is looking to bounce back and consolidate the sweeping gains it made in March as millions across the world isolated in response to COVID-19.

In direct response to the heavy criticism it has received recently from reports of meeting-spying and shoddy privacy protocols, Zoom has announced ‘robust’ security enhancements in its new update Zoom 5.0.

Intense scrutiny was aimed at the company when it emerged that, despite Zoom advertising its service as having ‘end-to-end’ encryption, in reality, it did not, or at least not in the commonly accepted definition of the term. 

Zoom also faced reports of ‘Zoom-bombing’ – the act of threat actors covertly hacking into Zoom meetings to eavesdrop, and an ongoing lawsuit in California in which Zoom was accused of sharing user data with Facebook.

The company says the update, which is slated for release ‘within the week’ is a key milestone in its three-month plan to identify and enhance its privacy and security capabilities.

The primary change in its protocol comes in the form of new support for AES 256-bit GCM encryption. 

“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform,” says Zoom chief executive officer Eric S. Yuan. 

The changes

AES 256-bit GCM encryption

Zoom is upgrading to the AES 256-bit GCM encryption standard, which it says will offer increased protection of meeting data in transit and resistance against tampering. 

Zoom 5.0 supports GCM encryption, and the standard will take effect once all accounts are enabled with GCM, says the company.

Control Data Routing

The account admin may choose which data centre regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.

Meeting password complexity

Meeting passwords, an existing Zoom feature, is now on by default for most customers, including all Basic, single-license Pro, and K-12 customers. 

For administered accounts, account admins now have the ability to define password complexity.

Dashboard enhancement

Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centres in their Zoom Dashboard. 

This includes any data centres connected to HTTP Tunnel servers, as well as Conference Room Connectors and gateways.

“We take a holistic view of our users’ privacy and our platform’s security,” says Zoom chief privacy officer Oded Gal.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. 

“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. 

“On the front end, I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. 

“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”

Story image
Microsoft signs BNZ as one of first NZ data centre region customers
“We have a bold ambition to fully embrace digital technologies, and Azure, available in a New Zealand data centre, is going to be a key enabler.”More
Story image
Ping Identity announces appointment of new VP of R&D
In his new role as head of research and development, Burke will be expected to drive product strategy and development across Ping Identity’s entire suite of solutions.More
Story image
Three security essentials for financial services
Financial services organisations must provide the best possible customer experience in terms of mobile and online application availability, performance and security, writes Gigamon country manager for A/NZ George Tsoukas.More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More
Story image
Essential tools for managing user identity and how they impact your bottom line
Customer identity and access management (CIAM) is how companies give their end-users access to their digital properties, as well as how they govern, collect, analyse, and securely store data for those users.More
Story image
ExtraHop reveals methods used by attackers in SUNBURST breach
The network detection and response company says between late March and early October 2020, detections of probable malicious activity increased by approximately 150%, including detections of lateral movement, privilege escalation and command and control beaconing.More