The privacy and security concerns swirling around Zoom haven’t stopped users from flocking to the video conferencing service.
Zoom is now attracting 300 million daily users, up from 200 million on April 1, according to CEO Eric Yuan. “Clearly, the Zoom platform is providing an incredibly valuable service to our beloved users during this challenging time,” he said during a public webinar.
In December, Zoom was attracting a mere 10 million daily users, who were mainly business employees. But due to the coronavirus pandemic, use of the video conferencing software has skyrocketed. Now people are joining Zoom meetings to hold online classes, talk with friends, and even hold yoga sessions and sex parties.
However, the product’s sudden popularity has also made it a target for internet trolls and racists, who’ve been hijacking Zoom sessions to harass unsuspecting users. In addition, security researchers have been uncovering vulnerabilities in the software while also pointing out serious flaws in the company’s encryption claims, which could expose video sessions to spying.
The wave of scrutiny has created some bad press for Zoom, and even sparked some governments and companies, including Google and SpaceX, to tell their staffers to avoid using the video conferencing software.
To win back the public’s trust, Zoom has paused development on new features to focus entirely on bolstering the security and privacy of the platform. One of the latest changes, also announced on Wednesday, involves updating the product’s encryption standard. According to security researchers, the company was previously relying on the weaker “AES 128 in ECB mode” encryption protocol to secure meeting sessions.
“This mode of encryption preserves patterns in the input,” researchers from Citizen Lab wrote in a report earlier this month. In other words, your video sessions won’t be sufficiently scrambled. The visual outlines to who you’re talking to in a Zoom meeting will still be present.
To fix this, Zoom has upgraded the product’s encryption to AES 256-bit GCM. “We get increased protection for your meeting data, and increased resistance against tampering,” said Lea Kissner, a security advisor to Zoom, during the company's webinar.
The upgraded encryption is rolling out in the Zoom 5.0 update, which is releasing within a week. But the switch to AES 256-bit GCM will only occur by default for all users on May 30 because the company wants to ensure the transition is smooth. “One of things that happens when you upgrade a cryptographic protocol, and add new forms of security in it, is the new code doesn’t play nicely with the old code,” Kissner said.
Another security enhancement coming to Zoom 5.0 is a button to report when your meeting has been hijacked by a malicious stranger. "This feature will generate a report which will be sent to the Zoom Trust and Safety team to evaluate any misuse of the platform and block a user if necessary," the company says. The upcoming "report a user to Zoom," feature is slated to arrive this Sunday.
Further Reading
- 4 Ways Google Is Improving Duo Video Chats
- Invite Farm Animals to Liven Up Your Boring Zoom Meetings
- Got a Zoom-Bombing Problem? Zoom Will Soon Let You Report Attacks in Real Time
- Deepfaking a Celebrity on a Zoom Call is Now Possible
- More in Video Conferencing Software