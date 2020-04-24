It has been reported that Zoom is upgrading the encryption features on its video conferencing app to better safeguard meeting data and offer protection against tampering. The new version of the app, Zoom 5.0, will release within the week, the company said in a statement. Zoom, which has soared to 200 million daily users from 10 million in less than three months, had faced backlash from users after security researchers found bugs in its codes and the company failing to disclose that its service was not end-to-end encrypted. The app’s issues, including “Zoombombing” incidents where uninvited guests crash meetings, led to several companies, schools and governments to stop using the platform.
EXPERTS COMMENTS
Jonathan Knudsen, Senior Security Strategist , Synopsys
April 24, 2020
Much of the controversy swirling around Zoom security has to do with the claim of “end-to-end security.” For cybersecurity experts and privacy advocates, this means that information encrypted at one end of the conversation travels over the network and is decrypted at the other end of the conversation. Zoom’s interpretation of “end-to-end security” does vary from this; while information i ....Much of the controversy swirling around Zoom security has to do with the claim of “end-to-end security.” For cybersecurity experts and privacy advocates, this means that information encrypted at one end of the conversation travels over the network and is decrypted at the other end of the conversation. Zoom’s interpretation of “end-to-end security” does vary from this; while information is always encrypted in transit, it gets decrypted and encrypted again as it passes through Zoom’s meeting infrastructure. This means that a compromise of parts of Zoom’s infrastructure could give an attacker access to plaintext Zoom meeting content. In Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture of Zoom, which does not fully implement end-to-end encryption. At the same time, given the recent intense scrutiny of Zoom’s infrastructure, the new changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality. For many of us, the risk of an adversary powerful enough to compromise Zoom’s infrastructure and intercept meeting content is low. For the most part, you can configure a reasonable degree of confidentiality by using a meeting password, monitoring participants, locking meetings after they start, and managing recordings carefully. On the other hand, if you are a government, or a defence contractor, or a research lab, or any other type of organisation with sensitive, high-value information, then end-to-end encryption could be critically important. These types of organisations need to be cognizant of the features and architecture of their communication infrastructure, including their online meeting platform.
