Posts

About Zoom Security

Written by Daman Grewal on May 22, 2020

I have been receiving a lot of questions regarding Zoom security. I want to make sure all of you are aware that over the past few days, Zoom has made handful of changes to encrypt data and prevent Zoombombing.

For example, you must now give permission to others before they can share their desktop screen. Zoom has also enabled the “Waiting Room” feature by default, giving you the ability to control who is able to enter your meeting. Other recommendations include using the lock feature to prevent further access to your virtual classroom and disabling the join before host option. 

Below are some useful links provided by Zoom highlighting the recently made changes to protect end user data, encryption, and securing of virtual classrooms.

Zoom’s CEO has also announced that the company is freezing product development for 90 days in order to focus on boosting the security of its services.

Additionally, see this guide for best Zoom security practices from the California Community Colleges Information Security Center.

We are excited to announce that Zoom 5.0 is now live!

To learn more about Zoom 5.0 Update view their latest release.

Please begin updating all your clients to Zoom 5.0 now.

After May 30, 2020, all Zoom clients on older versions will receive a forced upgrade when trying to join meetings as GCM Encryption will be fully enabled across the Zoom platform.

Zoom’s latest updates have ensured the following functions:

  • Resolved an issue where a subset of meetings were deleted when an invitee with scheduling privilege declined the invitation – Windows
  • Minor bug fixes
  • Resolved an issue where users needed to be authenticated and on the same account to view cloud recordings even if that setting is not turned on by admin or host

Changes to existing features 

  • Prevent private chatting with channel members outside of Zoom account or organization – Windows, macOS, Linux, iOS, Android
    Users will no longer be able to privately chat with other members of the same channel if they are not on the same Zoom account or organization. To continue chatting with contacts outside of their Zoom account, they can add them as external contacts.
  • Re-enable clickable links in meeting chat – iOS, Android
    Users will be able to send clickable links through the in-meeting chat. The link must include http or https to be clickable. 
  • Copied URL will not include password if the web setting Embed password in meeting link for one-click join is disabled  – Windows, macOS, Linux, iOS, Android
    If the host has the web setting Embed password in meeting link for one-click join disabled in the Zoom web portal, the Zoom client will no longer include the password in the URL when inviting new participants. 
  • Enable the setting Blur snapshot on iOS task switcher – iOS
    This setting blurs the preview screen in the iOS task switcher when multiple apps are open, to hide potentially sensitive information.  

New and enhanced features

  • AES 256-bit GCM encryption  – Windows, macOS, Linux, iOS, Android
    Zoom is upgrading to the AES 256-bit GCM encryption standard, which offers increased protection of your meeting data in transit and resistance against tampering. This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data. This version of the Zoom client will support GCM encryption when it is automatically enabled for all accounts on May 30. 
  • Meeting features
    • Report a user during a meeting – Windows, macOS, Linux, iOS, Android
      The meeting host can now report a user during a meeting by clicking on the Security icon, then Report. This feature will generate a report which will be sent to the Zoom Trust and Safety team to evaluate any misuse of the platform and block a user if necessary. 
    • Additional feedback options at the end of a meeting – Windows, macOS
      Users will now have the ability to provide additional feedback if the setting Post meeting feedback survey is enabled. This feedback can also be viewed in Dashboard and can be downloaded as a spreadsheet. This setting was previously named Display end of meeting feedback survey.
    • Enhancements to meeting end/leave flow – Windows, macOS, Linux, iOS, Android
      The host will now be required to assign a new host when leaving the meeting. Additionally, the pop-up message asking if the host would like to leave or end the meeting will now be displayed by the Leave button. 
    • Show the connected data center  – Windows, macOS, Linux, iOS, AndroidUsers can see which data center they are connected to by clicking on by clicking on the info icon at the top left of the client window.
    • Select data center regions when scheduling a meeting  – Windows, macOS, Linux, iOS, Android
      Users can now select which data center regions they would like their in meeting traffic to use when scheduling a meeting.
  • Chat features
    • Indication of an external user  – Windows, macOS, Linux, iOS, AndroidUsers will have the label “External” next to their name if they are not part of your Zoom account. This label will be displayed in one on one messages. This label will also be displayed in the user’s profile details when you hover over their profile picture and in the channel members list. 
  • Phone features
    • Enhanced encryption – Windows, macOS, Linux, iOS, AndroidZoom supports secure voice calls across all supported SIP devices, desktop, and mobile clients. Zoom Phone supports standards-based encryption using SIP over TLS 1.2 Advanced Encryption Standard (AES) 256-bit algorithm for calls and during phone provisioning sessions. In addition, call media is transported and protected by SRTP with AES-256 bit algorithm for Zoom desktop and mobile clients, and with AES-128 bit algorithm for devices.
  • Consent for unmute: When a meeting host has muted a participant, they can no longer unmute that person without their consent. That participant will now receive a prompt asking for consent to be unmuted. Note: With this feature, the option for hosts to Unmute All participants at once has been removed, but will return in a later release.
  • New audio for Waiting Rooms: We’ve created a specific audio chime for when someone hits the Waiting Room, so hosts are aware that they’re there. You can also enable the “Play sound when participants join or leave” feature to hear alerts when participants are coming and going.
  • Temporarily removed GIPHY: To ensure strong privacy protection for users, we’ve temporarily removed the GIPHY integration in Zoom Chat. Once additional technical and security measures have been deployed, we will re-enable the feature.
  • Meeting information during screen share: Participants can now access meeting information, such as meeting ID, when sharing their screen. Find it under “More” in the meeting controls.
  • Multiple login restrictions: For meetings that require registration, hosts can choose whether to allow participants to join from multiple devices. This is available under Registration Options of the meeting details section in the web portal.

New updates for the Outlook plugin

  • Select data center regions when scheduling a meeting – Windows, macOS
  • Users can now select which data center regions they would like their in meeting traffic to use when scheduling on the Zoom web portal. 
  • Enable Waiting Room when scheduling a meeting – macOS
  • Users can now enable Waiting Room on a meeting by meeting basis when scheduling. 

For more information and resources in the days to come please be sure to update to Zoom’s latest release to take advantage of these new features, and subscribe to their Blog!