Zoom 5.0 Aims To Reduce 'Zoom Bombing'

The coronavirus lockdowns have increased online activity, and use of the video-conferencing platform Zoom has risen dramatically: it has had a 535% rise in daily traffic in the past few weeks. Security concerns have increased just as much. Security researchers are saying that even the new 5.0 version of the app is a threat to privacy.
 
Zoom is a prime target for spies, especially Chinese intelligence operatives, the Department of Homeland Security has warned US government agencies and law-enforcement agencies. More than a dozen security and privacy problems have been found in Zoom to date.
 
New York’s attorney general, Letitia James, sent a letter to the company asking it to outline the measures it had taken to address security concerns and accommodate the rise in users. In the letter, James said Zoom had been slow to address security vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
 
A number of issues with Zoom have attracted public attention, most notably call hijacking or “Zoom-bombing”. Calls that are not set to private or password-protected can be accessed by anyone who inputs the nine- to 11-digit meeting code, and some research has shown how valid meeting codes could easily be identified.  Zoom now says it has taken steps to prevent this happening.
 
Another issue is that Zoom claims its calls can be encrypted, but doesn’t use the kind of end-to-end encryption that many people have come to understand as standard for private communication services. 
 
Messages or calls sent with end-to-end encryption are effectively locked with the receiving user’s public key, which anyone can access, but can only be unlocked with that user’s private key. This system is used by messaging apps such as WhatsApp to ensure only a message’s recipient can read it; not even the app’s provider has access. The problem for anyone looking for a more private system is that many of Zoom’s competitors have their own similar security issues. For example, Microsoft’s Skype and Teams services also use forms of encryption that give the company control over the keys.
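The two key models contrasted above, as an added example that is not part of the original article and is not code from Zoom, WhatsApp or any other product named here. It assumes RSA-OAEP key wrapping with AES-256-GCM purely for illustration, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// AES-256-GCM protects the message body in both models.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}
const oaep = (key) => ({ key, oaepHash: 'sha256' });

// Model 1: the provider issues the key, so the provider can decrypt.
function providerManaged(text) {
  const providerKey = crypto.randomBytes(32); // generated and kept server-side
  const packet = seal(providerKey, text);     // sender encrypts with the issued key
  return { providerReads: unseal(providerKey, packet) };
}

// Model 2: the sender wraps a one-time key with the recipient's public key.
function endToEnd(text) {
  const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const provider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const oneTimeKey = crypto.randomBytes(32);
  const packet = seal(oneTimeKey, text);
  const wrapped = crypto.publicEncrypt(oaep(recipient.publicKey), oneTimeKey);

  // The provider relays `packet` and `wrapped` but holds no matching private key.
  let providerReads = null;
  try {
    const guess = crypto.privateDecrypt(oaep(provider.privateKey), wrapped);
    providerReads = unseal(guess, packet);
  } catch (err) {
    providerReads = null; // unwrapping fails with the wrong private key
  }
  const key = crypto.privateDecrypt(oaep(recipient.privateKey), wrapped);
  return { providerReads, recipientReads: unseal(key, packet) };
}

const sample = 'quarterly figures'; // constructed sample message
console.log(providerManaged(sample), endToEnd(sample));
```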
 
The most secure options are arguably those that use end-to-end encryption and are built with open-source code because it can be publicly reviewed to check it doesn’t have any hidden problems. Signal is a messaging app that falls into this category and also provides video calling from smartphones, but not desktop video calls or video conferencing with multiple parties.
 
How To Improve Your Zoom Security
 
General Security. Regardless of what device you are using to access Zoom, keep these things in mind to improve your security:
  • Use the latest version of Zoom: Make sure you’re running the latest version of the app to ensure you have access to the most recent security updates and features. 
  • Use a dedicated email address to sign up: Unless you’ve been instructed to use your work email by your employer, you can sign up using a different email address to the one you normally use.
  • Check Zoom’s settings on your device: Zoom’s settings can be overwhelming, but checking that a few essential ones are enabled will help you stay secure when using the software.
 
How to secure your Zoom meetings. If you are hosting, these settings will help you keep your Zoom meetings and live streams more secure.
 
As a response to these problems, the California-based company has released its Zoom 5.0 update featuring new security enhancements which will help to improve the privacy of the platform. This is all part of Zoom’s 90-day plan to seek out and deal with security issues in the app.
 
Zoom has trumpeted the arrival of version 5.0 of its desktop software for Windows, Mac and Linux. The new version will include many of the security fixes we've recently seen for the Zoom web interface, including the abilities to kick out Zoom bombers from meetings, make sure meeting data doesn't go through China anymore and put everyone waiting for a meeting in a "waiting room." With Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture, which does not fully implement end-to-end encryption.
 
At the same time, given the recent intense scrutiny of Zoom's infrastructure, the changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality. But some experts are saying that whilst the security within the app has improved, Zoom still isn’t offering full end-to-end encryption like platforms such as WhatsApp and Wire.
 
Guardian: The Conversation: Tom's Guide: ITPro: Standard: Computer Weekly
 