Zoom 5.0 Aims To Reduce 'Zoom Bombing'

Uploaded on 2020-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The coronavirus lockdowns have increased the activities online and the use of the video-conferencing platform Zoom has risen dramatically and Zoom has had a 535% rise in daily traffic in the past few weeks, but the security concerns have increased just as much. Security researchers are saying that even the new 5.0 version of the app is a threat to privacy. 
 
Zoom is a prime target for spies, especially Chinese intelligence operatives, the Department of Homeland Security has warned US government agencies and law-enforcement agencies. More than a dozen security and privacy problems have been found in Zoom to date.
 
New York’s attorney general, Letitia James, sent a letter to the company asking it to outline the measures it had taken to address security concerns and accommodate the rise in users.In the letter, James said Zoom had been slow to address security vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
 
A number of issues with Zoom have attracted public attention, most notably call hijacking or “Zoom-bombing”. Calls that are not set to private or password-protected can be accessed by anyone who inputs the nine- to 11-digit meeting code, and some research has shown how valid meeting codes could easily be identified.  Zoom now says it has taken steps to prevent this happening.
 
Another issue is that Zoom claims its calls can be encrypted, but doesn’t use the kind of end-to-end encryption that many people have come to understand as standard for private communication services. 
 
Messages or calls sent with end-to-end encryption are effectively locked with the receiving user’s public key that anyone can access, but can only be unlocked by the user’s private key. This system is used by messaging apps such as WhatsApp to ensure only a message’s recipient can read it, not even the app’s provider has access. The problem for anyone looking for a more private system is that many of Zoom’s competitors have their own similar security issues. For example, Microsoft’s Skype and Teams services also use forms of encryption that give the company control over the keys. 
 
The most secure options are arguably those that use end-to-end encryption and are built with open-source code because it can be publicly reviewed to check it doesn’t have any hidden problems. Signal is a messaging app that falls into this category and also provides video calling from smartphones, but not desktop video calls or video conferencing with multiple parties.
 
How To Improve Your Zoom Security
 
General Security. Regardless of what device you are using to access Zoom, keep these things in mind to improve your security:
  • Use the latest version of Zoom: Make sure you’re running the latest version of the app to ensure you have access to the most recent security updates and features. 
  • Use a dedicated email address to sign up: Unless you’ve been instructed to use your work email by your employer, you can sign up using a different email address to the one you normally use.
  • Check Zoom’s settings on your device: Zoom’s settings can be overwhelming, but checking a few essential ones are enabled will help you stay secure when using the software.
How to secure your Zoom meetings. If you are hosting, these settings will help you keep your Zoom meetings and live streams more secure. As a response to these problems, the Californian-based company has released its Zoom 5.0 update featuring new security enhancements which will help to improve the privacy of the platform. This is all part of Zoom’s 90-day plan to seek out and deal with security issues in the app.
 
Zoom has trumpeted the arrival of version 5.0 of its desktop software for Windows, Mac and Linux and the new version will include many of the security fixes we've recently seen for the Zoom web interface, including the abilities to kick out Zoom bombers from meetings, make sure meeting data doesn't go through China anymore and put everyone waiting for a meeting in a "waiting room." With Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture  which does not fully implement end-to-end encryption.
 
At the same time, given the recent intense scrutiny of Zoom's infrastructure, the changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality, but some experts are saying that whilst the security within the app has improved, Zoom still isn’t offering full end-to-end encryption like platforms such as WhatsApp and Wire, 
 
Guardian:      The Covresation:     Toms Guide:    ITPro:        Standard:      Computer Weekly
 
You Might Also Read: 
 
Security Advice For Using Video Conference Tools:
 
 
 
« Effective Cyber Security Training Using The GoCyber App
UK Virus Tracking App Goes On Trial »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

CYDEF

CYDEF

CYDEF provides comprehensive, state-of-the-art cybersecurity protection that is accessible and affordable to organizations of any size.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.