Zoom 5.0 Aims To Reduce 'Zoom Bombing'

Uploaded on 2020-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The coronavirus lockdowns have increased the activities online and the use of the video-conferencing platform Zoom has risen dramatically and Zoom has had a 535% rise in daily traffic in the past few weeks, but the security concerns have increased just as much. Security researchers are saying that even the new 5.0 version of the app is a threat to privacy. 
 
Zoom is a prime target for spies, especially Chinese intelligence operatives, the Department of Homeland Security has warned US government agencies and law-enforcement agencies. More than a dozen security and privacy problems have been found in Zoom to date.
 
New York’s attorney general, Letitia James, sent a letter to the company asking it to outline the measures it had taken to address security concerns and accommodate the rise in users.In the letter, James said Zoom had been slow to address security vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
 
A number of issues with Zoom have attracted public attention, most notably call hijacking or “Zoom-bombing”. Calls that are not set to private or password-protected can be accessed by anyone who inputs the nine- to 11-digit meeting code, and some research has shown how valid meeting codes could easily be identified.  Zoom now says it has taken steps to prevent this happening.
 
Another issue is that Zoom claims its calls can be encrypted, but doesn’t use the kind of end-to-end encryption that many people have come to understand as standard for private communication services. 
 
Messages or calls sent with end-to-end encryption are effectively locked with the receiving user’s public key that anyone can access, but can only be unlocked by the user’s private key. This system is used by messaging apps such as WhatsApp to ensure only a message’s recipient can read it, not even the app’s provider has access. The problem for anyone looking for a more private system is that many of Zoom’s competitors have their own similar security issues. For example, Microsoft’s Skype and Teams services also use forms of encryption that give the company control over the keys. 
 
The most secure options are arguably those that use end-to-end encryption and are built with open-source code because it can be publicly reviewed to check it doesn’t have any hidden problems. Signal is a messaging app that falls into this category and also provides video calling from smartphones, but not desktop video calls or video conferencing with multiple parties.
 
How To Improve Your Zoom Security
 
General Security. Regardless of what device you are using to access Zoom, keep these things in mind to improve your security:
  • Use the latest version of Zoom: Make sure you’re running the latest version of the app to ensure you have access to the most recent security updates and features. 
  • Use a dedicated email address to sign up: Unless you’ve been instructed to use your work email by your employer, you can sign up using a different email address to the one you normally use.
  • Check Zoom’s settings on your device: Zoom’s settings can be overwhelming, but checking a few essential ones are enabled will help you stay secure when using the software.
How to secure your Zoom meetings. If you are hosting, these settings will help you keep your Zoom meetings and live streams more secure. As a response to these problems, the Californian-based company has released its Zoom 5.0 update featuring new security enhancements which will help to improve the privacy of the platform. This is all part of Zoom’s 90-day plan to seek out and deal with security issues in the app.
 
Zoom has trumpeted the arrival of version 5.0 of its desktop software for Windows, Mac and Linux and the new version will include many of the security fixes we've recently seen for the Zoom web interface, including the abilities to kick out Zoom bombers from meetings, make sure meeting data doesn't go through China anymore and put everyone waiting for a meeting in a "waiting room." With Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture  which does not fully implement end-to-end encryption.
 
At the same time, given the recent intense scrutiny of Zoom's infrastructure, the changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality, but some experts are saying that whilst the security within the app has improved, Zoom still isn’t offering full end-to-end encryption like platforms such as WhatsApp and Wire, 
 
Guardian:      The Covresation:     Toms Guide:    ITPro:        Standard:      Computer Weekly
 
You Might Also Read: 
 
Security Advice For Using Video Conference Tools:
 
 
 
« Effective Cyber Security Training Using The GoCyber App
UK Virus Tracking App Goes On Trial »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

Pinpoint Search Group

Pinpoint Search Group

Pinpoint Search Group's recruiters specialize in Information Management, Cyber Security, Cloud and Robotic Process Automation (RPA).

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

GrayMatter

GrayMatter

GrayMatter provides Advanced Industrial Analytics, OT Cybersecurity, Digital Transformation and Automation & Control services to clients across the U.S. and Canada.

Pangu Laboratory

Pangu Laboratory

Beijing Qi an Pangu Laboratory Technology Co., Ltd. was established on the basis of Pangu laboratory, a well-known cyber security team.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.