On the 26th of March, we did an exposée on Zoom, showing how easy it was to break into a room and, on the 14th of April, we found that they had been lying about their end-to-end encryption, only to correct it when they’d been called out. You may think that these are valid reasons for ditching the app and not trusting it. You…would be right.
Recently, however, Zoom have announced a 90 day plan which includes a feature freeze on the 1st April 2020, which means no new features will be added in order to shift focus onto the biggest issues around privacy, alongside other promises to conduct penetration tests to identify further issues, and even improving the bug bounty program to allow others to assist with finding issues.
Following this 90-day plan, Zoom has acquired the secure messaging service Keybase, in an attempt to “Accomplish the creation of a truly private video communications platform” alongside the new Zoom 5.0 update which boasts new security and privacy enhancements.
The new features include a ‘Report a user’ option, which is found in their new security icon and allows hosts to report those misusing the platform. There is also a handy new encryption icon which signifies a secure connection. This will be updates to include a spiffy green shield after May 30th, where all users will be secured using the “enhanced GCM encryption”.
Zoom has taken a secure approach and enabled passwords by default now for all meetings, this is set at a minimum of six characters, although, administered account admins can define their own password complexity, offering the ability to specify the length, alphanumeric, and special character requirements deemed necessary.
Zoom did previously use a waiting room feature, allowing hosts to hold participants in a virtual private waiting room before being allowed access to the meeting. This feature has been enabled by default so hosts will now only have users in the meeting they have “allowed”. Another positive to mention is that if you have turned this off, hosts may now enable this feature during a live meeting, so you will not be required to close the meeting to change this!
It seems Zoom has taken the recent backlash serious and have taken steps in the right direction to improve their security posture.