Zoom releases the 5.0 update with security and privacy improvements

The new update fixes some of the main privacy issues of the app.

In the last two months, due to the restrictions imposed to limit the spread of COVID-19, we have been forced to stay at home and, to keep in touch with friends and relatives, we have relied on some video chat software such as Zoom .

Unlike FaceTime, Skype or other similar programs, Zoom has become very popular because it is easy to use and offers a superior user experience .

From December 2019 to March this year, the number of people using the popular teleconferencing software  went from 10 million to 200 million . This is certainly a surprising increase, but Zoom’s path to success has not been without its unexpected events.

Starting in March, some privacy issues emerged . First of all, it emerged that the Zoom app on iOS was sending some user analytical data to Facebook . Later, it was revealed that around 500,000 accounts were sold on the Dark Web .

In the wake of these privacy concerns, Zoom earlier this month said he was implementing a 90-day block on new features so that his engineers could focus exclusively on solving a myriad of privacy concerns.

At the time, Zoom CEO Eric Yuan stated:

We did not design the product with the prediction that, within a few weeks, every person in the world would suddenly work, study and socialize from home. We now have a much larger number of users who use our product in a myriad of unexpected ways, presenting us with challenges that we had not anticipated when the platform was created.

These new use cases, primarily for the consumer, have helped us discover unexpected problems with our platform. Dedicated security journalists and researchers also helped identify pre-existing ones.

In light of this, the company launched Zoom 5.0 , an update full of security enhancements, including 256-bit AES GCM encryption, advanced controls for conference hosts, more powerful password protection, and more.

The following is a complete overview of the security additions included in the Zoom 5.0 update:

• 256-bit AES GCES encryption : Zoom is upgrading to the 256-bit AES GCES encryption standard, which offers greater protection of meeting data. This provides guarantees of confidentiality and integrity on the data of Zoom Meeting, Zoom Video Webinar and Zoom Phone. Zoom 5.0, which is slated for release later this week, supports GCM encryption and this standard will take effect once all accounts have been enabled with GCM. System-level account enablement will take place on May 30th.
• Data Routing Control : The account administrator can choose which regions of the data center use meetings hosted in the account and webinars for real-time traffic at the account, group, or user level.
• Security Icon : Zoom’s security features, previously accessed in all meeting menus, are now grouped together and found by clicking the Security icon in the meeting menu bar on the host interface. .
• Reliable host controls : hosts will be able to “ Report a user ” to Zoom via the Security icon. They may also disable the ability for participants to rename themselves. For education customers, screen sharing is now predefined only for the host.
• Default waiting room: The waiting room, an existing feature that allows a host to keep attendees in individual virtual waiting rooms before being admitted to a meeting, is now active by default for Education accounts, Basic and Pro with single license. Now all hosts can also activate the waiting room while the meeting is already in progress.
• Default Password Complexity and Default Activation : Meeting passwords, an existing Zoom feature, are now active by default for most customers, including all Basic, Single License Pro and K-12 customers. For managed accounts, account administrators now have the ability to define password complexity (such as length, alphanumeric characters and special characters). In addition, Zoom Phone administrators can now adjust the pin length required to access voicemail.
• Cloud Registration Passwords: Passwords are now set by default for everyone who accesses cloud recordings other than the meeting host and requires a complex password. For managed accounts, account administrators now have the ability to define password complexity.
• Securely share account contacts : Zoom 5.0 will support a new data structure for larger organizations, allowing them to link contacts across multiple accounts so that people can easily and securely search and find meetings, chats and phone contacts.
• Dashboard Improvement : Business and education plan administrators can view how their meetings connect to Zoom data centers in their dashboard. This includes any data center connected to the HTTP tunnel servers, as well as Zoom Conference Room connectors and gateways.
• Extras : users can now choose not to receive Zoom Chat notifications so they don’t show a snippet of their chat; new non-PMI meetings now have 11-digit IDs for greater complexity; and during a meeting, the meeting ID and the Invite option have been moved from the main Zoom interface to the Attendees menu, making it more difficult for the user to accidentally share the meeting ID.

Despite all the problems encountered so far, the company has not broken down, acknowledged its errors and seems willing to solve security problems as quickly as possible.