Zoom’s ongoing game of whack-a-mole with security bugs in its code continued today with the imminent release of version 5, which comes with support for 256-bit AES-GCM encryption.
This is the latest addition to the videoconferencing software company’s 90-day plan to fix its platform’s questionable security after a few hellish weeks at the hands of security researchers, privacy activists and journalists. As hundreds of millions of Internet users, forced to stay at home and work remotely where possible in the midst of the coronavirus pandemic, have flocked to Zoom’s chat products, its code has come under close scrutiny. Various flaws were discovered – from end-to-end encryption that did not exist to unreliable password protection during calls.
The encryption upgrade in Zoom 5.0 will better protect data in transit – it previously used AES-ECB, which leaks video frame information to eavesdroppers. “The system-wide account activation will take place on May 30,” said Colleen Rodriguez of Zoom about the improvement.
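Why the move from ECB to GCM matters, as an added example that is not from the article or from Zoom: ECB maps identical plaintext blocks to identical ciphertext blocks, while GCM with a fresh nonce does not and also rejects modified ciphertext. The frame contents, key and function names are constructed for the demonstration, which uses Node.js's built-in crypto module.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");
const BLOCK = 16; // AES block size in bytes
// Constructed sample "frame": 64 blocks of flat background (0xaa) with every
// eighth block distinct, like large uniform regions in raw image data.
function makeFrame() {
  const blocks = Array.from({ length: 64 }, (_, i) => Buffer.alloc(BLOCK, i % 8 === 0 ? i : 0xaa));
  return Buffer.concat(blocks);
}

// Count 16-byte blocks that duplicate an earlier block in the buffer.
function repeatedBlocks(buf) {
  const seen = new Set();
  let repeats = 0;
  for (let off = 0; off + BLOCK <= buf.length; off += BLOCK) {
    const hex = buf.subarray(off, off + BLOCK).toString("hex");
    if (seen.has(hex)) repeats++; else seen.add(hex);
  }
  return repeats;
}

function encryptEcb(key, plaintext) {
  const c = createCipheriv("aes-256-ecb", key, null); // ECB takes no IV
  c.setAutoPadding(false); // sample frame is already block-aligned
  return Buffer.concat([c.update(plaintext), c.final()]);
}

function encryptGcm(key, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every message
  const c = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decryptGcm(key, { iv, ct, tag }) {
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
}

function demo() {
  const key = randomBytes(32), frame = makeFrame(), gcm = encryptGcm(key, frame);
  const tampered = { ...gcm, ct: Buffer.from(gcm.ct) };
  tampered.ct[0] ^= 1; // flip one ciphertext bit in transit
  let tamperRejected = false;
  try { decryptGcm(key, tampered); } catch { tamperRejected = true; }
  return { ecbRepeats: repeatedBlocks(encryptEcb(key, frame)), gcmRepeats: repeatedBlocks(gcm.ct),
    roundTrip: decryptGcm(key, gcm).equals(frame), tamperRejected };
}
console.log(demo());
```

The ECB ciphertext repeats exactly as often as the plaintext does, so an observer without the key can still see where the flat regions of the frame are.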
In addition to encryption, Zoom will allow account administrators to select which of its data centers can handle user data, after some of Zoom’s servers in China ended up handling calls from outside of China. So now you can choose which region of the world your chats are routed through.
However, it is with the user experience that Zoom may start to come unstuck a bit, as it increases security by making its platform, frankly, a little more difficult to use. One of the factors contributing to its success was the frictionless way in which internet users were able to connect, at the unfortunate price of questionable security.
Witness the Zoom-bombing phenomenon, made possible by brute-forcing the credentials of meetings without passwords, somehow bypassing call passwords, or scanning social media for shared access details.
To lock things down a bit more, the Waiting Room feature, where participants are kept in individual virtual waiting rooms for review by the host, will be enabled by default for Basic, Education and single-license Pro accounts. Meeting passwords, which in theory are already enabled for most customers, can have their complexity defined by administrators.
Your humble vulture has had personal experience of non-technical acquaintances struggling with the concept of the waiting room, and there is a risk that, by securing the experience, Zoom will have customers looking elsewhere for their face-to-face solution.
Other changes include a user interface update to consolidate security features, as well as improved host controls that let the meeting host easily report users or turn off the ability for attendees to rename themselves. Passwords are also set by default for cloud recordings, and large organizations will appreciate the ability to link contacts across multiple accounts.
Blowing its own trumpet, the company urges users: “To update your Zoom application to Zoom 5.0, please visit zoom.com/download”.
We suggest holding fire a little longer – at the time of writing, only version 4.x was available. We have asked the company exactly when the wonders will be released and will update when it responds. ®