Zoom 5.0 Aims To Reduce 'Zoom Bombing'

Uploaded on 2020-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The coronavirus lockdowns have increased the activities online and the use of the video-conferencing platform Zoom has risen dramatically and Zoom has had a 535% rise in daily traffic in the past few weeks, but the security concerns have increased just as much. Security researchers are saying that even the new 5.0 version of the app is a threat to privacy. 
 
Zoom is a prime target for spies, especially Chinese intelligence operatives, the Department of Homeland Security has warned US government agencies and law-enforcement agencies. More than a dozen security and privacy problems have been found in Zoom to date.
 
New York’s attorney general, Letitia James, sent a letter to the company asking it to outline the measures it had taken to address security concerns and accommodate the rise in users.In the letter, James said Zoom had been slow to address security vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
 
A number of issues with Zoom have attracted public attention, most notably call hijacking or “Zoom-bombing”. Calls that are not set to private or password-protected can be accessed by anyone who inputs the nine- to 11-digit meeting code, and some research has shown how valid meeting codes could easily be identified.  Zoom now says it has taken steps to prevent this happening.
 
Another issue is that Zoom claims its calls can be encrypted, but doesn’t use the kind of end-to-end encryption that many people have come to understand as standard for private communication services. 
 
Messages or calls sent with end-to-end encryption are effectively locked with the receiving user’s public key that anyone can access, but can only be unlocked by the user’s private key. This system is used by messaging apps such as WhatsApp to ensure only a message’s recipient can read it, not even the app’s provider has access. The problem for anyone looking for a more private system is that many of Zoom’s competitors have their own similar security issues. For example, Microsoft’s Skype and Teams services also use forms of encryption that give the company control over the keys. 
 
The most secure options are arguably those that use end-to-end encryption and are built with open-source code because it can be publicly reviewed to check it doesn’t have any hidden problems. Signal is a messaging app that falls into this category and also provides video calling from smartphones, but not desktop video calls or video conferencing with multiple parties.
 
How To Improve Your Zoom Security
 
General Security. Regardless of what device you are using to access Zoom, keep these things in mind to improve your security:
  • Use the latest version of Zoom: Make sure you’re running the latest version of the app to ensure you have access to the most recent security updates and features. 
  • Use a dedicated email address to sign up: Unless you’ve been instructed to use your work email by your employer, you can sign up using a different email address to the one you normally use.
  • Check Zoom’s settings on your device: Zoom’s settings can be overwhelming, but checking a few essential ones are enabled will help you stay secure when using the software.
How to secure your Zoom meetings. If you are hosting, these settings will help you keep your Zoom meetings and live streams more secure. As a response to these problems, the Californian-based company has released its Zoom 5.0 update featuring new security enhancements which will help to improve the privacy of the platform. This is all part of Zoom’s 90-day plan to seek out and deal with security issues in the app.
 
Zoom has trumpeted the arrival of version 5.0 of its desktop software for Windows, Mac and Linux and the new version will include many of the security fixes we've recently seen for the Zoom web interface, including the abilities to kick out Zoom bombers from meetings, make sure meeting data doesn't go through China anymore and put everyone waiting for a meeting in a "waiting room." With Zoom 5.0, the encryption algorithm has been strengthened, but this still does not change the fundamental architecture  which does not fully implement end-to-end encryption.
 
At the same time, given the recent intense scrutiny of Zoom's infrastructure, the changes in version 5.0 represent a renewed commitment to helping users safeguard confidentiality, but some experts are saying that whilst the security within the app has improved, Zoom still isn’t offering full end-to-end encryption like platforms such as WhatsApp and Wire, 
 
Guardian:      The Covresation:     Toms Guide:    ITPro:        Standard:      Computer Weekly
 
You Might Also Read: 
 
Security Advice For Using Video Conference Tools:
 
 
 
« Effective Cyber Security Training Using The GoCyber App
UK Virus Tracking App Goes On Trial »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

White & Black

White & Black

White & Black are specialist corporate & technology lawyers based in London & Oxford.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.