Zoom releases 5.0 update with security and privacy improvements

[Karlston]

Zoom releases 5.0 update with security and privacy improvements

Zoom is moving quickly to address complaints

 

 

Zoom promised a 90-day feature freeze to fix privacy and security issues, and the company is delivering on some of those promises. A new Zoom 5.0 update is rolling out today that’s designed to address some of the many complaints that Zoom has faced in recent weeks. With this new update, there’s now a security icon that groups together a number of Zoom’s security features. You can use it to quickly lock meetings, remove participants, and restrict screen sharing and chatting in meetings.

 

Zoom is also now enabling passwords by default for most customers, and IT admins can define the password complexity for Zoom business users. Zoom’s waiting room feature is also now on by default for basic, single-license Pro, and education accounts. This feature allows a host to hold participants in a virtual room before they’re allowed into a meeting.

 

Many of these changes are clear responses to the “Zoombombing” phenomenon, where pranksters join Zoom calls and broadcast porn or shock videos. Zoom’s previous default settings didn’t encourage a password to be set for meetings, and they allowed any participants to share their screen.

 

Zoom is also improving some of its encryption and upgrading to the AES 256-bit GCM encryption standard. This still isn’t the end-to-end encryption that Zoom erroneously said it had implemented, but it’s an improvement for the transmission of meeting data. Business customers can also control which data center regions will handle meeting traffic for their Zoom meetings, after concerns were raised that some meetings were being routed through servers in China.

 

Zoom is clearly responding quickly to the issues that have been raised, just as it has seen an influx of millions of new users using its service during the novel coronavirus pandemic. Zoom reported a maximum of 10 million daily users back in December, but this skyrocketed to more than 200 million daily meeting participants in March. There are still more issues to address and improvements required, but 20 days after Zoom CEO Eric S. Yuan promised changes, we’re now starting to see exactly how Zoom is responding.

 

 

Source: Zoom releases 5.0 update with security and privacy improvements (The Verge)

[Karlston]

Zoom adds encryption support and new security controls in new update

Earlier this month, video conferencing service Zoom halted the rollout of new features for 90 days as it commenced work on beefing up its security and privacy amid "Zoombombing" and other issues. A few days after that, it promised to turn on waiting rooms by default to let admins control who can join a meeting, and also announced last week an imminent launch of additional call controls for paid customers.

 

Today, Zoom is making good on those commitments by unveiling new security features as part of a new update. Zoom 5.0 will include support for the AES 256-bit GCM encryption standard to protect meeting data as it passes over the internet. The updated version of Zoom will go live within this week while the system-wide rollout of the new encryption feature for customers' accounts will occur on May 30. Account admins can also control which region to route their hosted meetings through at the account, group, or user level.

 

Eric S. Yuan, CEO of Zoom, said:

"I am proud to reach this step in our 90-day plan, but this is just the beginning. We built our business by delivering happiness to our customers. We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform."

Zoom is also bringing changes to the user experience and controls. These include turning on the meeting passwords and waiting rooms by default (as promised). The security icon now houses the security features in a single place and it also lets hosts report a user to Zoom. Hosts can also control the ability of participants to rename themselves or share their screen.

 

The requirement to use complex passwords to access cloud recordings now applies to everyone, and this ability is turned on by default as well. Large organizations can also link contacts across multiple accounts to help users find meetings, chat, and phone contacts. For users, Zoom has added the ability to hide a preview of their chat in the notifications. The service has also increased the complexity of meeting IDs.

 

 

Source: Zoom adds encryption support and new security controls in new update (Neowin)

[xhartom]

 

Zoom releases security updates in response to 'Zoom-bombings'

 

 

 

The video-conferencing platform Zoom has released a new update this week in an effort to address an onslaught of security concerns surrounding the service.

Zoom says the newest version of its app, Zoom 5.0, includes encryption and new privacy controls, updates that are part of a 90-day plan to improve security and privacy on the platform.

“I am proud to reach this step in our 90-day plan, but this is just the beginning,” Eric Yuan, the company’s chief executive officer, said in a call on Wednesday. “We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform.”

Zoom has struggled to meet security needs as the platform has scaled up its user base to unprecedented levels in recent months.

Since the coronavirus lockdown, Zoom’s daily active users shot up from around 10 million to 300 million as people use the platform for happy hours, work meetings, support groups and even funerals.

Users struggled with persistent “Zoom-bombing”, a new kind of attack in which bad actors enter video meetings and shout slurs and threats in an attempt to disrupt them. Narcotics Anonymous and Alcoholics Anonymous meetings were targeted in particular.

Zoom 5.0 will allow hosts to “report a user” to Zoom with a new security button and the app now defaults users to a “waiting room” feature, which requires participants to be approved to enter a meeting. All meetings will now require a password to enter.

Zoom also added a new encryption standard, called AES 256-bit GCM encryption, which is considered the “gold standard” of encryption and is used by the US government to secure data.

The change will help prevent meetings from being hijacked by hackers, said Thomas Hatch, the co-founder and chief technology officer of Utah-based software firm SaltStack.

“The end-to-end encryption that has been introduced improves the liability that existed before where video conferences could be hijacked out of line,” he said. “This adds a much better layer of privacy that was not present before.”

 

 

 

Read more

In addition to Zoom bombing concerns, the app had also received criticism over major bugs in recent months, including one that would allow a hacker to take full control over the user’s computer. To address these concerns, Zoom has beefed up its bug bounty program, incentivizing security professionals to alert them to bugs before hackers can exploit them.

In a call on Wednesday, Yuan reiterated that Zoom will not sell user data. Zoom had been forced to clarify policies around data sale after a story from Motherboard at Vice revealed Zoom sends data from users of its iOS app to Facebook for advertising purposes, even if the user does not have a Facebook account.

Zoom is not the only video conferencing platform, but it is easily one of the most popular. That is largely because of how easy it is to use, said Hank Schless, a senior manager at tech security firm Lookout.

“The widespread use of conferencing solutions like Zoom shows how people are OK with putting convenience ahead of security,” he said. “Zoom got a lot of attention because users were not turning on many of its security settings. Despite that, they continue to log in every day because they assume the likelihood of being a victim is too low to affect them.”

 

[Karlston]

Similar topics merged.

[zanderthunder]

Lets see how Zoom can able to regain trust back from users with this new security and privacy improvements.