SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Zoom announces new updates in response to privacy criticisms

Thu, 23rd Apr 2020

After much criticism over its privacy and security policies, Zoom is looking to bounce back and consolidate the sweeping gains it made in March as millions across the world isolated in response to COVID-19.

In direct response to the heavy criticism it has received recently from reports of meeting-spying and shoddy privacy protocols, Zoom has announced ‘robust’ security enhancements in its new update Zoom 5.0.

Intense scrutiny was aimed at the company when it emerged that, despite Zoom advertising its service as having ‘end-to-end’ encryption, in reality, it did not, or at least not in the commonly accepted definition of the term.

Zoom also faced reports of ‘Zoom-bombing’ – the act of threat actors covertly hacking into Zoom meetings to eavesdrop – and an ongoing lawsuit in California in which Zoom was accused of sharing user data with Facebook.

The company says the update, which is slated for release ‘within the week’, is a key milestone in its three-month plan to identify and enhance its privacy and security capabilities.

The primary change in its protocol comes in the form of new support for AES 256-bit GCM encryption.

“We will earn our customers' trust and deliver them happiness with our unwavering focus on providing the most secure platform,” says Zoom chief executive officer Eric S. Yuan. 

The changes

AES 256-bit GCM encryption

Zoom is upgrading to the AES 256-bit GCM encryption standard, which it says will offer increased protection of meeting data in transit and resistance against tampering.

Zoom 5.0 supports GCM encryption, and the standard will take effect once all accounts are enabled with GCM, says the company.

Control Data Routing

The account admin may choose which data center regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.

Meeting password complexity

Meeting passwords, an existing Zoom feature, are now on by default for most customers, including all Basic, single-license Pro, and K-12 customers.

For administered accounts, account admins now have the ability to define password complexity.

Dashboard enhancement

Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centers in their Zoom Dashboard.

This includes any data centers connected to HTTP Tunnel servers, as well as Conference Room Connectors and gateways.

“We take a holistic view of our users' privacy and our platform's security,” says Zoom chief privacy officer Oded Gal.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny.

“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users' data in transit.

“On the front end, I'm most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts.

“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
