
Zoom announces new updates in response to privacy criticisms

After much criticism over its privacy and security policies, Zoom is looking to bounce back and consolidate the sweeping gains it made in March as millions across the world isolated in response to COVID-19.

In direct response to the heavy criticism it has received recently from reports of meeting-spying and shoddy privacy protocols, Zoom has announced ‘robust’ security enhancements in its new update Zoom 5.0.

Intense scrutiny was aimed at the company when it emerged that, despite Zoom advertising its service as having ‘end-to-end’ encryption, in reality it did not, or at least not under the commonly accepted definition of the term.

Zoom also faced reports of ‘Zoom-bombing’ – the act of threat actors covertly hacking into Zoom meetings to eavesdrop – and an ongoing lawsuit in California in which Zoom was accused of sharing user data with Facebook.

The company says the update, which is slated for release ‘within the week’, is a key milestone in its three-month plan to identify and enhance its privacy and security capabilities.

The primary change in its protocol comes in the form of new support for AES 256-bit GCM encryption. 

“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform,” says Zoom chief executive officer Eric S. Yuan. 

The changes

AES 256-bit GCM encryption

Zoom is upgrading to the AES 256-bit GCM encryption standard, which it says will offer increased protection of meeting data in transit and resistance against tampering. 

Zoom 5.0 supports GCM encryption, and the standard will take effect once all accounts are enabled with GCM, says the company.

Control Data Routing

The account admin may choose which data centre regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.

Meeting password complexity

Meeting passwords, an existing Zoom feature, are now on by default for most customers, including all Basic, single-license Pro, and K-12 customers.

For administered accounts, account admins now have the ability to define password complexity.

Dashboard enhancement

Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centres in their Zoom Dashboard. 

This includes any data centres connected to HTTP Tunnel servers, as well as Conference Room Connectors and gateways.

“We take a holistic view of our users’ privacy and our platform’s security,” says Zoom chief privacy officer Oded Gal.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. 

“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. 

“On the front end, I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. 

“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
