Zoom update: Video-calling app reveals new feature as it attempts to address privacy criticisms

Andrew Griffin
Wednesday 22 April 2020 15:41 BST

Zoom has revealed a major new update as it attempts to address criticism of its privacy and security.

The new version, named Zoom 5.0, finally adds more sophisticated encryption so that chats are protected as they pass over the internet.

But security experts warned that the company still had more to do to ensure that people's videos and conversations are truly protected.

The update is part of the company's "90-day plan", which saw it pull all work on new features and instead focus on fixing its various security issues.

The company saw a surge in use as businesses, schools, friends and family used it to keep in touch through coronavirus lockdowns around the world.

But that increase in usage also brought extra attention to those security problems, which included weak protection of videos as they were passed over the internet and the failure to protect against "Zoombombing", where strangers invade conversations in an attempt to upset those inside them.

The central part of the new update is an upgrade to the AES 256-bit GCM encryption standard. Though Zoom had promised that its chats were encrypted in the past, security researchers found that the conversations weren't actually as protected as they may seem, and could theoretically be intercepted as they were sent over the internet.

The other major update is a new icon that puts the app's security features at the front of the app. Those had previously been hidden away, requiring hosts to pick through menus if they wanted to switch on options that kept people from breaking into chats, for instance.

While security experts hailed the new breakthroughs, they warned that the company had more to do to ensure that chats were really protected. While the encryption of chats has been strengthened, it does not change the fact that the architecture of Zoom is not entirely end-to-end encrypted, said Jonathan Knudsen, senior security strategist at Synopsys.

"Much of the controversy swirling around Zoom security has to do with the claim of 'end-to-end security'," he said. "For cybersecurity experts and privacy advocates, this means that information encrypted at one end of the conversation travels over the network and is decrypted at the other end of the conversation.

"Zoom’s interpretation of “end-to-end security” does vary from this; while information is always encrypted in transit, it gets decrypted and encrypted again as it passes through Zoom’s meeting infrastructure. This means that a compromise of parts of Zoom’s infrastructure could give an attacker access to plaintext Zoom meeting content."

Zoom boss Eric Yuan suggested that new updates would be coming in the future as the company aims to respond even more to those various criticisms.

“I am proud to reach this step in our 90-day plan, but this is just the beginning," he said in a statement. "We built our business by delivering happiness to our customers. We will earn our customers’ trust and deliver them happiness with our unwavering focus on providing the most secure platform."
