- Zoom today rolled out Zoom 5.0, an app update with a huge number of important security features and improvements.
- Zoom’s video chatting software exploded in popularity once the coronavirus quarantine began, but the app has been plagued by privacy issues.
- Visit BGR’s homepage for more stories.
Whether you like it or not, there’s no denying that the coronavirus has turned the majority of the country into hermits. With stay-at-home orders in place across the vast majority of U.S. states, millions of Americans have been stuck at home for weeks on end at this point. As a result, Zoom’s video conferencing software has skyrocketed in popularity over the past few weeks as people have been looking to virtually connect with friends and family.
While there is certainly no shortage of video chat options out on the market, Zoom managed to become the app of choice because it’s easy to use and offers a superior user experience. While video chatting with friends on FaceTime, for example, can result in frustrating lags and choppy video, Zoom’s technology manages to avoid such problems.
From December 2019 to March of this year, the number of people using Zoom jumped from 10 million to 200 million. That’s an astonishing increase by any measure, but Zoom’s ascension hasn’t been without its fair share of controversy.
Starting in March, a number of worrisome privacy-related issues began to surface. First off, word surfaced that the Zoom app on iOS was sending analytical data about its user base to Facebook. Following that were stories involving pesky “zoombombers” and even reports that seemingly private Zoom video recordings could be accessed by strangers.
In the wake of these privacy issues, Zoom earlier this month said that it was implementing a 90-day freeze on new features so that its engineers could focus exclusively on addressing a myriad of privacy concerns.
Zoom CEO Eric Yuan wrote at the time:
[We] did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.
These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones.
In light of all that, Zoom today rolled out Zoom 5.0, an update chock full of security enhancements, including AES 256-bit GCM encryption, enhanced controls for conference hosts, stronger password protection, and more.
A full rundown of the security additions baked into the Zoom 5.0 update can be viewed below:
- AES 256-bit GCM encryption: Zoom is upgrading to the AES 256-bit GCM encryption standard, which offers increased protection of your meeting data in transit and resistance against tampering. This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data. Zoom 5.0, which is slated for release within the week, supports GCM encryption, and this standard will take effect once all accounts are enabled with GCM. System-wide account enablement will take place on May 30.
- Data routing control: The account admin may choose which data center regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.
- Security icon: Zoom’s security features, which had previously been accessed throughout the meeting menus, are now grouped together and found by clicking the Security icon in the meeting menu bar on the host’s interface.
- Robust host controls: Hosts will be able to “Report a User” to Zoom via the Security icon. They may also disable the ability for participants to rename themselves. For education customers, screen sharing now defaults to the host only.
- Waiting Room default-on: Waiting Room, an existing feature that allows a host to keep participants in individual virtual waiting rooms before they are admitted to a meeting, is now on by default for education, Basic, and single-license Pro accounts. All hosts may now also turn on the Waiting Room while their meeting is already in progress.
- Meeting password complexity and default-on: Meeting passwords, an existing Zoom feature, is now on by default for most customers, including all Basic, single-license Pro, and K-12 customers. For administered accounts, account admins now have the ability to define password complexity (such as length, alphanumeric, and special character requirements). Additionally, Zoom Phone admins may now adjust the length of the pin required for accessing voicemail.
- Cloud recording passwords: Passwords are now set by default to all those accessing cloud recordings aside from the meeting host and require a complex password. For administered accounts, account admins now have the ability to define password complexity.
- Secure account contact sharing: Zoom 5.0 will support a new data structure for larger organizations, allowing them to link contacts across multiple accounts so people can easily and securely search and find meetings, chat, and phone contacts.
- Dashboard enhancement: Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centers in their Zoom Dashboard. This includes any data centers connected to HTTP Tunnel servers, as well as Zoom Conference Room Connectors and gateways.
- Additional: Users may now opt to have their Zoom Chat notifications not show a snippet of their chat; new non-PMI meetings now have 11-digit IDs for added complexity; and during a meeting, the meeting ID and Invite option have been moved from the main Zoom interface to the Participants menu, making it harder for a user to accidentally share their meeting ID.
Say what you will about Zoom, but the company has been quick to acknowledge its mistakes and appears intent on addressing security concerns as fast as it can.