sb-au logo
Story image

Zoom announces new updates in response to privacy criticisms

After much criticism over its privacy and security policies, Zoom is looking to bounce back and consolidate the sweeping gains it made in March as millions across the world isolated in response to COVID-19.

In direct response to the heavy criticism it has received recently from reports of meeting-spying and shoddy privacy protocols, Zoom has announced ‘robust’ security enhancements in its new update Zoom 5.0.

Intense scrutiny was aimed at the company when it emerged that, despite Zoom advertising its service as having ‘end-to-end’ encryption, in reality, it did not, or at least not in the commonly accepted definition of the term. 

Zoom also faced reports of ‘Zoom-bombing’ – the act of threat actors covertly hacking into Zoom meetings to eavesdrop, and an ongoing lawsuit in California in which Zoom was accused of sharing user data with Facebook.

The company says the update, which is slated for release ‘within the week’ is a key milestone in its three-month plan to identify and enhance its privacy and security capabilities.

The primary change in its protocol comes in the form of new support for AES 256-bit GCM encryption. 

“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform,” says Zoom chief executive officer Eric S. Yuan. 

The changes

AES 256-bit GCM encryption

Zoom is upgrading to the AES 256-bit GCM encryption standard, which it says will offer increased protection of meeting data in transit and resistance against tampering. 

Zoom 5.0 supports GCM encryption, and the standard will take effect once all accounts are enabled with GCM, says the company.

Control Data Routing

The account admin may choose which data centre regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level.

Meeting password complexity

Meeting passwords, an existing Zoom feature, is now on by default for most customers, including all Basic, single-license Pro, and K-12 customers. 

For administered accounts, account admins now have the ability to define password complexity.

Dashboard enhancement

Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centres in their Zoom Dashboard. 

This includes any data centres connected to HTTP Tunnel servers, as well as Conference Room Connectors and gateways.

“We take a holistic view of our users’ privacy and our platform’s security,” says Zoom chief privacy officer Oded Gal.

“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. 

“On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. 

“On the front end, I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. 

“With millions of new users, this will make sure they have instant access to important security controls in their meetings.”

Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
2020 sees a global shift in financial malware threats
The financial threat landscape experienced a game-changing pandemic year, according to a new report from Kaspersky.More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
Dell Technologies unveils new data protection innovations for hybrid cloud workloads
The Dell EMC PowerProtect Backup Service, powered by Druva, is designed to deliver SaaS app protection without increasing IT complexity.More