Zoom Security Issues – Latest Updates, Highs and Lows
Check out our analysis of Zoom's security mishaps and remedies
I’ve followed Zoom’s security issues for some time now, and what I’ve learned is that the company welcomes constructive criticism. We’ve certainly offered such criticism in the past, but we always want to be fair when reporting on companies that continue to witness record-breaking video conferencing adoption.
The fact of the matter is, no one could have predicted we’d be where we are today, in the novel Coronavirus era, with more of the world’s population now working from home. This new and likely semi-permanent reality is not only safer for the time being, but working from home offers a host of other benefits, too, including flexibility and balance for employees.
For employers, it’s a no-brainer to allow remote working because it can reduce overhead by cutting back on physical office space and on a hefty reliance on travel. Video conferencing tools like Zoom do have some flaws, but they provide a comparable solution that can satisfy everyone.
Zoom’s Founder and CEO, Eric Yuan, announced in April that the company would enact a 90-day plan to combat its security flaws, including Zoombombing. Two weeks after making that announcement, Zoom reached a major milestone on its timeline to tighten up security for its influx of new users, launching version 5.0. The new, more refined version of Zoom features security enhancements, including encryption, Zoom said in a statement, adding:
“System-wide account enablement of AES 256-bit GCM encryption will occur on May 30, 2020, and only Zoom clients on version 5.0 or later, including Zoom Rooms, will be able to join Zoom Meetings starting that day”
Zoom Just Hit its 30-Day Mark in its 90-Day Plan
In April, Zoom made a lot of progress on its plan, including adding a new security icon that lets users remove participants and lock meetings, a new ‘report a user’ function, and waiting rooms. Passwords are now on by default for K-12, Basic (free), and Single Pro users.
Paid account admins can customize where meeting data are routed, and passwords are set to ‘on’ by default for cloud recordings. Zoom has increased the complexity of its password requirements for meetings and removed various features such as ‘attention tracking,’ LinkedIn Nav, and Facebook SDK.
Zoom formed the CISO Council and Advisory Board, made up of security leaders from a cornucopia of industries. Alex Stamos joined Zoom as an outside advisor, hoping to assist with a comprehensive review of the company’s platform. Lea Kissner joined Zoom as a security consultant, with a focus on privacy and encryption. Luta Security is helping Zoom with its bug bounty program, and Yuan said recently that Zoom is expanding its trust and safety team as well.
On May 7, 2020, Zoom announced it had acquired Keybase. The company simultaneously declared its goal of developing the most broadly used enterprise end-to-end encryption offering, which came as no surprise when you think about how the company is dominating the video conferencing market. Zoom users will soon have another new security feature ticked by default.
All accounts will be set to require passwords for all meetings, both past and future, even for phone attendees. Users will also soon have the ability to manage their virtual backgrounds and disable joining from multiple devices.