Zoom has announced a slew of security enhancements in the upcoming launch of Zoom 5.0, due to be released within the week.
The update will bring 256-bit encryption to the platform along with a number of other security and privacy features designed to made video meetings more secure and less prone to ‘Zoom-bombing’, a trend that has been a thorn in the side of the company since it exploded in popularity amid the coronavirus pandemic.
SEE: Zoom 101: A guidebook for beginners and business pros (TechRepublic Premium)
Zoom labelled the announcement “a key milestone in the company’s 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of its platform”.
Oded Gal, chief product officer at Zoom, said in a blog post: “This takes our security features, existing and new, and puts them front and center for our meeting hosts. With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
Zoom 5.0 will bring both front- and back-end security enhancements to the video-conferencing tool.
Crucially, the platform will be upgraded with the AES 256-bit GCM encryption standard to better protect meetings against hijacking and ensure data is kept secure. Zoom had previously suggested that its platform was already encrypted end-to-end, however this was later revealed to not quite be so.
“This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data,” Zoom said.
The GCM encryption standard will take effect once all end-user accounts are enabled with GCM, which Zoom said would take place “system-wide” on May 30.
Additional new features include new controls that allow meeting hosts to report users to Zoom – an update earlier disclosed through release notes published on Zoom’s support page. Hosts will be able to report a participant during a meeting by clicking on the Security icon, then Report.
This feature will then generate a report that will be sent to the company to check for misuse and then block a user from the platform if necessary.
To further ensure that unwanted guests are kept out of calls, ‘waiting room’ will be turned on by default for education, Basic, and single-license Pro accounts, so that hosts can approve each participant individually.
Meeting passwords will also be on by default for most customers in Zoom 5.0, Zoom said. For administered accounts, account admins will be able to alter the complexity of meeting passwords; similarly on Zoom’s smartphone client, they can adjust the length of the PIN required for accessing voicemail.
Accessing cloud recordings will also require a complex password for users other than the meeting host, meanwhile enhancements for corporate users means larger organisations can link across multiple accounts so users can more easily search for meetings and phone contacts.
Zoom’s rise to fame amid the shift to home working has not been without problems, with recent weeks bringing to light a number of security shortcomings. Perhaps most troublesome for the company has been the trend of ‘Zoom bombing’, where individuals who have gotten their hands on a Meeting ID – which were previously visible within the app’s desktop window – could gatecrash a call.
Eric Yuan, founder and CEO of Zoom, said: “We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform.”
More on Zoom and security
- Who has banned Zoom? Google, NASA, and more (TechRepublic)
- Zoom security: Your meetings will be safe and secure if you do these 10 things (ZDNet)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)