Zoom unveils a host of new privacy, security features

Looking to bounce back from a spate of recent security missteps, video conferencing platform Zoom today announced a variety of new privacy and security capabilities in Zoom 5.0, a key milestone in the company’s recently launched 90-day security plan.

The primary difference between the current version of Zoom software and Zoom 5.0 is the addition of support for AES 256-bit GCM encryption; it’s designed to provide increased protection for meeting data and resistance to tampering. The new level of encryption will be available across Zoom Meeting, Zoom Video Webinar, and Zoom Phone.

The company pointed users to a download page for the updated software.

In a statement, the company said the system-wide account enablement will be in place within the next two months, once all accounts are enabled with GCM. Zoom 5.0 will also allow account administrators to decide which data center regions their account-hosted meetings and webinars use.

“We take a holistic view of our users’ privacy and our platform’s security,” Zoom Chief Product Officer Oded Gal said in a post to the company’s blog. “From our network to our feature set to our user experience, everything is being put through rigorous scrutiny.”

He argued that AES 256-bit GCM encryption would better secure user data in transit and talked up Zoom’s security features. “With millions of new users, this will make sure they have instant access to important security controls in their meetings,” Gal said.

Zoom becomes both reactive and proactive

Zoom has faced numerous criticisms during the past month, ranging from accusations of Zoom-bombing to a bug that enabled hackers to steal Windows passwords to a Californian lawsuit in which the company was accused of sharing data with Facebook – a claim Zoom denies. The firm has moved quickly to show it is taking the concerns seriously. CEO Eric Yaun said April 3 that the company would halt development of new features to concentrate on its security efforts.

In a blog post last week, Zoom laid out the changes it had made since April 8, including stronger  password complexity requirements, removing the Meeting ID from the title bar and bolstered security for file sharing.

Today’s move involves a new wave of changes to user experience and controls. These include: the waiting room is now turned on by default, meeting hosts can now report a user, and ID and Invite options have been revamped to make it harder for a user to accidentally share a meeting ID.

Zoom might not be out of the woods yet, but IDC analyst Wayne Kurtzman praised the changes in the Zoom statement.

“When faced with questions over security and privacy, Zoom reacted quickly and very publicly to the challenges, including their CEO holding weekly public security briefings,” said Kurtzman, IDC’s research director for social, communities, and collaboration. “Zoom was also quick to take actions on changing the defaults that helped address meeting privacy concerns, as well as setting a 90-day plan for deeper actions and communicating it publicly.”