Sorry, Zoom eavesdroppers.
Zoom announced Wednesday that its version 5.0 update will add some security upgrades that privacy-minded “Zoomers” will appreciate.
Most significantly, Zoom is improving the encryption standard that it uses, which makes call data harder for an interceptor to read. Encryption has been a big issue for Zoom since The Intercept uncovered that its claims about having end-to-end encryption were not accurate, that its encryption standards were subpar, and that some data was even getting routed through China, which critics said could open it up to government interference.
Now, Zoom is upgrading from 128-bit Advanced Encryption Standard (AES) keys to providing support for a stronger scheme, called AES 256-bit GCM encryption. Grant McCormick, the chief information officer at security firm Exabeam, called the change a “significant improvement,” and explained that consumers can “think of it as skipping two generations on a smartphone upgrade.”
In addition to updating the encryption standard, Zoom is also giving account managers the ability to control which data regions their meetings avoid (read: China). The two updates together bring Zoom security more up to snuff.
“Moving to the encryption scheme of AES 256-bit GCM should be a sufficient move to support the expected level of encryption for streaming conference data,” Mark Ostrowski, the head of engineering at Check Point Security, said. “Additionally, adding ‘Data Routing Control,’ a user can also omit Zoom datacenter locations around the globe, limiting where the conference data could be routed to as part of the call.”
In recent weeks, Zoom has also added some features on the user-facing end. All security settings will now be grouped under a new security padlock icon; previously, they were scattered throughout the interface. Zoom also recently changed the settings for passwords and waiting rooms, automatically turning on those security measures for education, Basic, and single-license Pro accounts. The experts Mashable spoke with said that it’s essential that individuals use those features to keep Zoom meetings secure.
However, Zoom is still not living up to its former promise of “end-to-end” encryption. Logan Kipp, director at SiteLock, told Mashable that “the primary security change, adding support for AES 256-bit GCM encryption, doesn’t exactly move Zoom in the direction of end-to-end encryption across all communication mediums.” Still, he sees it as a step in the right direction, and doubts that true end-to-end encryption would be available for a product like Zoom with all of its features intact.
“With a complex video conferencing solution like Zoom, it is technologically difficult for the platform to support true end-to-end encryption and still retain all of its features and real-time quality control for things like audio and video quality,” Kipp said. “While I do foresee this being implemented as a non-default option in the future, we should have the expectation that some features, such as call recording or browser-based conferencing, may not be available in sessions where end-to-end encryption is enabled.”
The new, more secure Zoom will be available on May 30. If you want to do everything you can to keep your calls from being listened in on, make sure to update your app then.