What you need to know about Zoom’s latest big security update

23 Apr 2020

Image: © science photo/Stock.adobe.com

Following criticism of its security features, Zoom is set to roll out a major update that will include stronger encryption.

Video conferencing app Zoom is set for a security overhaul in the coming days. The app has exploded in popularity as millions of people are now using it daily for work or staying in touch with friends and family.

However, instances of uninvited guests appearing in chats – known as ‘zoombombing’ – and questions of its lack of strong encryption have seen Zoom come under fire from privacy advocates.

In a blog post, the company said it will be rolling out its 5.0 update amid a 90-day freeze on new features in order to focus on security updates. This will include adding support for AES 256-bit GCM encryption across the platform to protect meeting data and prevent any tampering of calls.

Previously, Zoom claimed in documentation that its service was ‘end-to-end encrypted’, meaning it could not obtain conversations used on the platform. However, after reports emerged that Zoom was not actually end-to-end encrypted, the company said the issue was a matter of defining what end-to-end encrypted actually means.

While AES 256-bit GCM is not end-to-end encryption, security researchers have described it as a “significant improvement” on what came before.

What users will see

On the front-facing side of Zoom, most users will now see meeting passwords turned on by default, including users on the basic version. For business or enterprise accounts, account admins now have the ability to define password complexity instead of default ones provided by Zoom.

The host will also be given greater control over a meeting and will be able to report a user through a new security icon that will appear in the meeting menu bar. For those using it as an educational tool, sharing a screen will be defaulted to the host only.

Passwords are also now set by default to all those accessing cloud recordings, aside from the meeting host, and require a complex password.

“I am proud to reach this step in our 90-day plan, but this is just the beginning,” said Zoom CEO Eric Yuan.

“We built our business by delivering happiness to our customers. We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform.”

Colm Gorey was a senior journalist with Silicon Republic