Zoom has upgraded its encryption and announced a slew of new “robust security enhancements” as the company continues efforts to keep up with new levels of demand and scrutiny.
The video conferencing giant is in the midst of a 90-day plan to improve its security and privacy.
Due to the ongoing COVID-19 pandemic, Zoom has seen an explosion in new users and a corresponding increase in analysis of its security and data-handling practices.
The company has now released a new version of the platform, with improved encryption on offer and some new security-enhancing features.
Zoom CEO Eric Yuan said this is just the start of the company’s continual efforts to improve the integrity of the product.
“I am proud to reach this step in our 90-day plan, but this is just the beginning,” Yuan said. “We built our business by delivering happiness to our customers.
“We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform.”
Earlier this month it was revealed that Zoom did not offer end-to-end encryption on its platform, despite claiming to do so multiple times.
The company has since apologised for the “confusion”, saying it never intended to mislead its users.
As part of the newly-released Zoom 5.0, the platform will soon have AES 256-bit GCM encryption for meeting data in transit.
This will also resist against tampering, the company said.
AES encryption is regarded as the “gold standard” for data encryption and is used by the US government to protect “secure” data.
The encryption upgrade will greatly improve the security of meetings on Zoom and data held by the company, Zoom CPO Odel Gal said.
“On the back-end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit,” Gal said. “We take a holistic view of our users’ privacy and our platform’s security. From our network to our feature set to our user experience, everything is being put through rigorous scrutiny.”
All accounts will be enabled with the new form of encryption by the end of May.
Zoom 5.0 will also come with a range of new safety features to be incorporated on the platform.
These include a new Security icon which will group together all security features directly on the video conferencing interface.
“On the front-end, I’m most excited about the Security icon in the meeting menu bar,” Gal said. “This takes our security features, existing and new, and puts them front and centre for our meeting hosts.
“With millions of new users, this will make sure they have instant access to important security controls in their meeting.”
This new icon will also allow a meeting host to report other users and stop meeting participants from renaming themselves.
With the new update, all education, basic and single licence pro accounts will have the Waiting Room services turned on by default.
This will mean the host can keep participants in individual waiting rooms before they are admitted to the video conference, and can be used to combat the threat of “zoombombing”, which emerged last month.
Meeting password complexity will also be turned on by default, along with the need for a password to access cloud recordings of meetings.
It’s the second big security announcement by Zoom this week, after it revealed plans to allow users to choose where their data is routed and brought on board a cybersecurity heavyweight to improve its bug bounty program just days earlier.
Under the update, paying users will be able to choose where their real-time meeting traffic is routed. Luta Security, led by Katie Moussouris, was brought in to revamp the company’s bug bounty program.