After stinging complaints about security issues Zoom Video Communications will release over the next seven days a new version of its conferencing platform as part of a 90-day plan promising to boost privacy and security.
Among the enhancements, Zoom 5.0 adds support for AES 256-bit GCM encryption, which the company says will increase protection for meeting data and resistance against tampering. However, in the future a totally new cryptographic design will be implemented that “greatly reduces risk to Zoom’s system,’ the company says.
“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform,” CEO Eric S. Yuan said in a statement.
At the beginning of April, as employees of thousands of companies around the world forced to start working from home, reporters and security analysis began looking closely at Zoom and other video and audio conferencing platforms. Many didn’t like what they saw, particularly at Zoom because it was one of the most popular choices of new home-based workers.
That prompted Yaun to acknowledge falling short on security and privacy and promising to will shift all of its software engineering resources over the next three months to focus on trust, safety and privacy issues, as well as conduct a comprehensive product review with third-party experts.
The first moves made earlier this month included making passwords mandatory for meetings and enabling a Waiting Room — where a host can screen attendees before going live — by default. Zoom 5.0’s new feature set is part of a second wave. In addition to tougher encryption, the changes include
- Control Data Routing: The account admin may choose which data centre regions their account-hosted meetings and webinars use for real-time traffic at the account, group, or user level
- A new “Security” icon: Zoom’s security features, which had previously been accessed throughout the meeting menus, are now grouped together and found by clicking the Security icon in the meeting menu bar on the hosts’ interface
- Robust host controls: Hosts will be able to “Report a User” to Zoom via the Security icon. They may also disable the ability for participants to rename themselves. For education customers, screen sharing now defaults to the host only
- Passwords: For administered accounts, account admins now have the ability to define password complexity (such as length, alphanumeric, and special character requirements). Additionally, Zoom Phone admins may now adjust the length of the pin required for accessing voicemail
- Cloud recordings passwords: Passwords are now set by default to all those accessing cloud recordings aside from the meeting host and require a complex password. For administered accounts, account admins now have the ability to define password complexity;
- Secure Account Contact Sharing: Zoom 5.0 will support a new data structure for larger organizations, allowing them to link contacts across multiple accounts so people can easily and securely search and find meetings, chat, and phone contacts
- Dashboard enhancement: Admins on business, enterprise, and education plans can view how their meetings are connecting to Zoom data centres in their Zoom Dashboard. This includes any data centers connected to HTTP Tunnel servers, as well as Conference Room Connectors and gateways
Users may also now opt to have their Zoom Chat notifications not show a snippet of their chat; new non-PMI meetings now have 11-digit IDs for added complexity; and during a meeting, the meeting ID and Invite option have been moved from the main Zoom interface to the Participants menu, making it harder for a user to accidentally share their meeting ID.