Zoom 5.0 Aims To Reduce 'Zoom Bombing'

Uploaded on 2020-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The coronavirus lockdowns have increased the activities online and the use of the video-conferencing platform Zoom has risen dramatically and Zoom has had a 535% rise in daily traffic in the past few weeks, but the security concerns have increased just as much. Security researchers are saying that even the new 5.0 version of the app is a threat to privacy. 
 
Zoom is a prime target for spies, especially Chinese intelligence operatives, the Department of Homeland Security has warned US government agencies and law-enforcement agencies. More than a dozen security and privacy problems have been found in Zoom to date.
 
New York’s attorney general, Letitia James, sent a letter to the company asking it to outline the measures it had taken to address security concerns and accommodate the rise in users.In the letter, James said Zoom had been slow to address security vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
 
A number of issues with Zoom have attracted public attention, most notably call hijacking or “Zoom-bombing”. Calls that are not set to private or password-protected can be accessed by anyone who inputs the nine- to 11-digit meeting code, and some research has shown how valid meeting codes could easily be identified.  Zoom now says it has taken steps to prevent this happening.
 
Another issue is that Zoom claims its calls can be encrypted, but doesn’t use the kind of end-to-end encryption that many people have come to understand as standard for private communication services. 
 
Messages or calls sent with end-to-end encryption are effectively locked with the receiving user’s public key that anyone can access, but can only be unlocked by the user’s private key. This system is used by messaging apps such as WhatsApp to ensure only a message’s recipient can read it, not even the app’s provider has access. The problem for anyone looking for a more private system is that many of Zoom’s competitors have their own similar security issues. For example, Microsoft’s Skype and Teams services also use forms of encryption that give the company control over the keys. 
 
The most secure options are arguably those that use end-to-end encryption and are built with open-source code because it can be publicly reviewed to check it doesn’t have any hidden problems. Signal is a messaging app that falls into this category and also provides video calling from smartphones, but not desktop video calls or video conferencing with multiple parties.
 
How To Improve Your Zoom Security
 
General Security. Regardless of what device you are using to access Zoom, keep these things in mind to improve your security:
  • Use the latest version of Zoom: Make sure you’re running the latest version of the app to ensure you have access to the most recent security updates and features. 
  • Use a dedicated email address to sign up: Unless you’ve been instructed to use your work email by your employer, you can sign up using a different email address to the one you normally use.
  • Check Zoom’s settings on your device: Zoom’s settings can be overwhelming, but checking a few essential ones are enabled will help you stay secure when using the software.
How to secure your Zoom meetings. If you are hosting, these settings will help you keep your Zoom meetings and live streams more secure. As a response to these problems, the Californian-based company has released its Zoom 5.0 update featuring new security enhancements which will help to improve the privacy of the platform. This is all part of Zoom’s 90-day plan to seek out and deal with security issues in the app.
 
Zoom has trumpeted the arrival of version 5.0 of its desktop software for Windows, Mac and Linux and the new version will include many of the security fixes we've recently seen for the Zoom web interface, including the abilities to kick out Zoom bombers from meetings, make sure meeting data doesn't go through China anymore and put everyone waiting for a meeting in a "waiting room." With Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture  which does not fully implement end-to-end encryption.
 
At the same time, given the recent intense scrutiny of Zoom's infrastructure, the changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality, but some experts are saying that whilst the security within the app has improved, Zoom still isn’t offering full end-to-end encryption like platforms such as WhatsApp and Wire, 
 
Guardian:      The Covresation:     Toms Guide:    ITPro:        Standard:      Computer Weekly
 
You Might Also Read: 
 
Security Advice For Using Video Conference Tools:
 
 
 
« Effective Cyber Security Training Using The GoCyber App
UK Virus Tracking App Goes On Trial »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

Secure Systems Innovation Corp (SSIC)

Secure Systems Innovation Corp (SSIC)

SSIC is a cyber risk analytics firm whose mission is to improve how businesses manage cyber risk through the power of data analytics. SSIC developed the X-Analytics cyber risk decisioning platform.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

B&L PC Solutions

B&L PC Solutions

B&L PC Solutions deliver top cyber security services on Long Island and New York city to protect businesses from evolving online threats.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).