USA TODAY International Edition
New version of Zoom aims to defuse Zoom bombing
Zoom is fine- tuning its video conferencing software and upgrading security features to help prevent “Zoom bombing” and other privacy intrusions.
The San Jose, California- headquartered online video provider said Wednesday that it will make available a new 5.0 version of its software later this week. In addition to improved security features, Zoom will use more advanced encryption that will better protect meeting data and prevent tampering with online meetings.
This month, Zoom CEO Eric Yuan said the company would spend 90 days tightening the platform’s security to help prevent instances of video conferences being interrupted by Zoom bombing incidents.
Some of the most notorious cases involve educational classes and local government meetings being disrupted with images of pornography and racist symbols including swastikas. On Tuesday, an online Holocaust Remembrance Day event conducted by the Israeli Embassy in Germany was disrupted with pictures of Adolf Hitler and the shouting of anti- Semitic and pro- Palestinian slogans, the Israeli newspaper Haaretz reported.
The new version of Zoom will make it harder for meetings to be Zoom bombed with passwords and waiting rooms, which require passwords and a host to admit an attendee, being default settings. For educational users, screen sharing will default to the host only. An improved security feature will be accessible from an icon on the host’s interface and will include a “Report a User” option.
Longer passwords and PIN numbers ( for those calling in by phone) can also be created.
“I am proud to reach this step in our 90- day plan, but this is just the beginning,” Yuan said.
By the end of May, Zoom plans for its entire platform to use tougher encryption, AES 256- bit GCM encryption, which Zoom says “offers increased protection of your meeting data in transit and resistance against tampering.” The standard can take effect once all Zoom accounts are updated, Zoom says.
The move can help combat potential attacks from hackers. Zoom has released fixes for issues brought to its attention including flaws that could be exploited to hijack a user’s Mac computer.
As people have stayed at home during the coronavirus pandemic, more have begun using Zoom to connect via video and audio chats for work and to catch up with family and friends. Zoom has seen usage “balloon,” Yuan said, as the nation has shut down since March.
Zoom has about 300 million daily meeting participants, the company says. That’s up from last month, when it surpassed more than 200 million daily meeting participants on its free and paid versions, compared wirh a high in 2019 of 10 million.
Zoom’s upgrades “represent a renewed commitment to helping users safeguard confidentiality” and should make most users feel more secure, said Jonathan Knudsen, senior security strategist for cybersecurity company Synopsys. “For the most part, you can configure a reasonable degree of confidentiality by using a meeting password, monitoring participants, locking meetings after they start, and managing recordings carefully.”
But Zoom’s departure from what is commonly considered “end- to- end encryption,” should continue to raise concerns for government users and for private industries that are potential targets for espionage, Knudsen says. In most cases, end- to- end security means information is encrypted at one end before it is sent over the network and is then decrypted at the other end.
Zoom encrypts information, then it is decrypted “and encrypted again as it passes through Zoom’s meeting infrastructure,” he said. “This means that a compromise of parts of Zoom’s infrastructure could give an attacker access to plain- text Zoom meeting content.”