Zoom Announces Better Encryption, Other Security Improvements

Zoom rolling out more security improvements


Zoom on Wednesday announced a series of security improvements designed to address many of the concerns raised in recent weeks.

Researchers warned in early April that Zoom had been sending the keys used to encrypt and decrypt meetings to servers in China, even if all participants were located in other countries. Zoom has now announced that account administrators will be able to choose which data center regions they want to use for real-time meeting traffic. Data center regions include Australia, Canada, China, Europe, Hong Kong, India, Japan, Latin America and the United States.

The same researchers also warned that Zoom meetings were encrypted with an AES-128 key used in ECB mode, which is not recommended. The vendor says the upcoming Zoom 5.0, scheduled for release within the next week, will introduce AES 256-bit GCM encryption, which should provide better protection for meeting data.

“This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data. Zoom 5.0, which is slated for release within the week, supports GCM encryption, and this standard will take effect once all accounts are enabled with GCM. System-wide account enablement will take place on May 30,” Zoom said in a blog post.
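The difference between the two modes, as an added example that is not from the article or from Zoom's code: AES-128 in ECB turns equal plaintext blocks into equal ciphertext blocks and has no integrity check, while AES-256-GCM with a fresh nonce hides the repetition and rejects a modified message. The all-zero keys, the sample plaintext and the function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// ecbEncrypt encrypts each 16-byte block independently (hand-built: Go ships no ECB mode).
func ecbEncrypt(key, pt []byte) []byte {
	b, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	check(err)
	out := make([]byte, len(pt)) // len(pt) must be a multiple of 16
	for i := 0; i < len(pt); i += aes.BlockSize {
		b.Encrypt(out[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return out
}

func newGCM(key []byte) cipher.AEAD {
	b, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	check(err)
	aead, err := cipher.NewGCM(b)
	check(err)
	return aead
}

// gcmSeal returns nonce || ciphertext || tag under a fresh random 12-byte nonce.
func gcmSeal(aead cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	_, err := rand.Read(nonce)
	check(err)
	return aead.Seal(nonce, nonce, pt, nil)
}

func main() {
	pt := []byte("SAME-16-BYTE-BLKSAME-16-BYTE-BLK") // constructed: two equal blocks
	ecb, aead := ecbEncrypt(make([]byte, 16), pt), newGCM(make([]byte, 32)) // demo keys
	msg := gcmSeal(aead, pt)
	msg[len(msg)-1] ^= 1 // flip one tag bit, as tampering in transit would
	_, err := aead.Open(nil, msg[:12], msg[12:], nil)
	fmt.Println("ECB repeats blocks:", string(ecb[:16]) == string(ecb[16:]), "GCM rejects tampering:", err != nil)
}
```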

The company also told customers that it has grouped security features under a Security Icon that can be found in the meeting menu bar.

Many of the steps described by Zoom on Wednesday are in response to Zoombombing, where an unauthorized individual joins a video conference in an effort to cause disruption. Many Zoombombing incidents have been reported after Zoom’s popularity skyrocketed due to the COVID-19 coronavirus outbreak.

Hosts will be able to report users to Zoom, and they can also prevent meeting participants from renaming themselves.

The Waiting Room feature has been one of the most effective measures against Zoombombing as participants first enter a virtual waiting room before they are allowed to join in. The Waiting Room is now enabled by default for education, Basic, and single-license Pro accounts, and hosts can now enable the feature even while a meeting is in progress — hosts previously had to enable Waiting Room before creating a meeting.

Meeting passwords and cloud recording passwords are now on by default for most users, and administrators can define how complex the passwords have to be.

Other improvements include secure account contact sharing for larger organizations, more information in the admin dashboard, and measures meant to make it more difficult to accidentally share meeting IDs.

Zoom also announced recently that it has teamed up with Luta Security to revamp its bug bounty program.

Related: Flaw Could Have Allowed Hackers to Identify All Zoom Users in a Company

Related: Zoom Working on Security Improvements Amid More Bans

Related: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
