Zoom continues its effort to shore up security and recently divulged its plans for end-to-end encryption.
Zoom

Zoom is reported to be planning to strengthen its encryption for paying customers and other institutions such as schools.

Speaking to Reuters, Alex Stamos, the ex-Facebook chief security officer who joined Zoom as a consultant in April, said the company was looking at different approaches to beefing up security for some users.

As well as schools, this could include non-profit organizations and other customers that require an additional layer of protection for video meetings, such as political dissidents.

Stamos told Reuters that Zoom was trying to improve security while at the same time “significantly upgrading their trust and safety”, following previous criticisms around the video platform’s security settings.

This has led to incidents in which uninvited guests have crashed Zoom video meetings to share illegal or offensive material, often dubbed “Zoom-bombing”.

The proliferation of Zoom-bombing led to numerous governments and organizations banning the use of the platform for video conferencing.

While Zoom is looking at end-to-end-encryption – a feature it wrongly claimed to already support – Stamos explained that rolling this out platform-wide would prevent administrators from being able to insert themselves into meetings in which abusive material is being shared in real time.

As such, Stamos said that Zoom CEO, Eric Yuan, was weighing up “different arguments” for enhancing security, which will initially focus on “paid customers plus enterprise accounts where the company knows who they are”.

SEE: Security Awareness and Training policy (TechRepublic Premium)

Stamos noted that these plans were subject to change, with a Zoom spokesperson telling TechRepublic: “Zoom’s approach to end-to-end encryption is very much a work in progress – everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to.”

Zoom garnered 300 million daily meeting participants in April, with the platform continuing to pull in massive numbers of remote workers drawn to its free video-conferencing software.

As the service has grown in success, rivals such as Google Meet and Microsoft Teams have sought to close the gap with free versions of their own video-meeting platforms. At the same time, Zoom has pushed out a series of updates to patch the cracks in its security architecture, including the arrival of AES 256-bit GCM encryption for video meetings in Zoom 5.0, and more comprehensive security controls for meeting admins and hosts.

Last week, Zoom published a draft proposal for its end-to-end encryption offer.