Zoom Announces 5.0 Update With Added Security Upgrades Including Stronger Encryption
Following criticism of its security features, Zoom is set to roll out a major update that will include stronger encryption.
Earlier this month, video conferencing service Zoom halted the rollout of new features for 90 days as it commenced work on beefing up its security and privacy amid “Zoombombing” and other issues. A few days after that, it promised to turn on waiting rooms by default to let admins control who can join a meeting, and also announced last week an imminent launch of additional call controls for paid customers.
Now, a new report from The Verge explains that the videoconferencing application that has captured the zeitgeist of 2020 announced it will be rolling out a new version supporting advanced encryption to provide increased protection for its users.
In a blog post, the company said it will be rolling out its 5.0 update amid a 90-day freeze on new features in order to focus on security updates. This will include adding support for AES 256-bit GCM encryption across the platform to protect meeting data and prevent any tampering of calls.
Previously, Zoom claimed in documentation that its service was “end-to-end encrypted,” meaning it could not obtain conversations used on the platform. However, after reports emerged that Zoom was not actually end-to-end encrypted, the company said the issue was a matter of defining what end-to-end encrypted actually means.
While AES 256-bit GCM is not end-to-end encryption, security researchers have described it as a “significant improvement” on what came before.
Additionally, Zoom account admins and meeting hosts will now be able to choose which data center regions their meetings and webinars use for real-time traffic. This could be useful for organizations that don’t want their meeting traffic to be routed through unwanted regions and countries.
Other improvements include secure account contact sharing for larger organizations, more information in the admin dashboard, and measures meant to make it more difficult to accidentally share meeting IDs.