Are you using Zoom yet? Everyone who's been forced to work, or do schoolwork, from home during the coronavirus lockdown seems to be using the video-conferencing platform for meetings, classes and even social gatherings.
There are good reasons Zoom has taken off and other platforms haven't. Zoom is easy to set up, easy to use and lets up to 100 people join a meeting for free. It just works.
But there's a downside. Zoom's ease of use makes it easy for troublemakers to "bomb" open Zoom meetings. Information-security professionals say Zoom's security has a lot of holes.
Zoom video-conferencing app is not a safe platform By Cyber Security.
"Zoom is not a safe platform," the Cyber Coordination Centre (CyCord) of the Ministry of Home Affairs said in a new 16-page advisory.
The government’s warning comes after India's nodal cyber security agency – Computer Emergency Response Team of India (CERT-in) – had cautioned against the vulnerability of the app. The agency had pointed out that the app has significant weaknesses which can make users vulnerable to cyber attacks, including leakage of sensitive information.
The government has reissued new guidelines after many users complained about instances of leaked passwords and hackers hijacking video calls midway through conferences. The guidelines are as follows:
Create a new user ID and password for each meeting
Enable the waiting room in the app so that a user can enter the meeting only when the host gives permission
Disable the "join before host" feature
Allow screen sharing by the host only
Disable "Allow removed participants to re-join"
Restrict or disable file transfer
Lock the meeting once all participants have joined
Restrict the recording feature
End the meeting (do not just leave it) if you are an administrator
Why Zoom needs to be updated
In a blog post, Zoom explained that from May 30, “GCM encryption will be fully enabled for all meetings.” It states that all Zoom clients and Zoom Rooms should be on version 5.0 or higher in order to join any meeting.
“On May 30, Zoom will cut over all accounts to GCM encryption,” it adds. Further, it states that both the desktop client and Zoom Rooms controller will need to be updated. The support for enhanced GCM encryption was added with Zoom 5.0 in April and this will be implemented system-wide from May 30.
A new green encryption shield icon will also be visible from May 30 indicating that enhanced GCM encryption is enabled. With the late April release of Zoom version 5.0 an encryption shield in the upper left of the Zoom meeting window was added, and from May 30, this icon will turn green. Clicking on it will show the statistics page for additional encryption details. Now, Zoom has urged all its users to update to Zoom 5.0.
What is GCM encryption?
GCM, or Galois/Counter Mode, is a mode of operation for block ciphers with a 128-bit block size, such as the Advanced Encryption Standard (AES). It provides authenticated encryption: the data is kept confidential, and the recipient gets assurance that it is authentic and has not been altered. Essentially, GCM encryption provides a layer of protection for your data and resistance to tampering.
With the Zoom 5.0 update, support for AES 256-bit GCM encryption was added. 256-bit encryption is much stronger than 128-bit because a bigger key size (256 vs 128) has a higher chance of remaining secure. This means that if someone were to attempt to hack encrypted data, 256-bit encrypted data would take significantly longer to crack.
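The tamper resistance described above can be seen in a short added example (not Zoom's code and not from the Zoom blog) that uses Node.js's built-in crypto module. The function names, the sample header and the sample payload are constructed for illustration; AES-256-CTR is included only as an unauthenticated contrast.

```javascript
const nodeCrypto = require("node:crypto");

// Encrypt one message with AES-256-GCM. The 96-bit IV must be fresh for every
// message: reusing an IV under the same key breaks GCM's guarantees.
function gcmSeal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad); // authenticated but not encrypted (for example a header)
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() }; // 16-byte tag
}

// Decrypt and verify; final() throws if ciphertext, AAD, IV, tag or key differ.
function gcmOpen(key, msg, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, msg.iv);
  d.setAAD(aad);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.ciphertext), d.final()]);
}

// True when gcmOpen() refuses the message.
function rejected(key, msg, aad) {
  try { gcmOpen(key, msg, aad); return false; } catch (err) { return true; }
}

function flipFirstBit(buf) {
  const copy = Buffer.from(buf);
  copy[0] ^= 0x01;
  return copy;
}

// Contrast: AES-256-CTR encrypts but does not authenticate, so the same
// one-bit change decrypts without error into altered plaintext.
function ctrTamperedPlaintext(key, plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  const ct = nodeCrypto.createCipheriv("aes-256-ctr", key, iv).update(plaintext);
  return nodeCrypto.createDecipheriv("aes-256-ctr", key, iv).update(flipFirstBit(ct));
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // 256-bit key
  const text = Buffer.from("constructed sample payload");
  const aad = Buffer.from("meeting=example;seq=1"); // constructed sample header
  const msg = gcmSeal(key, text, aad);
  return {
    roundTrip: gcmOpen(key, msg, aad).toString(),
    bitFlipRejected: rejected(key, { ...msg, ciphertext: flipFirstBit(msg.ciphertext) }, aad),
    headerChangeRejected: rejected(key, msg, Buffer.from("meeting=example;seq=2")),
    ctrAccepted: ctrTamperedPlaintext(key, text).toString(),
  };
}
```

Calling demo() returns the round-tripped text, two rejections under GCM, and the silently altered text that CTR hands back.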
Other Zoom enhancements and upcoming features
This AES 256-bit GCM encryption will be enabled system-wide from May 30 in Zoom and users will need to have updated clients and app to join meetings. The security icon in the meeting will let the host easily lock/unlock meetings, enable/disable waiting rooms, enable/disable in-meeting chat, enable/disable participant renaming, enable/disable screen sharing, remove a participant, and report a participant. Notably, these options are available in Zoom 5.0.
The Zoom blog also points out some upcoming enhancements including displaying non-video participants via their avatar by default and turning off call history by default. On June 30, enhanced encryption between Zoom Rooms controller and Zoom Rooms will be enabled. Zoom Rooms controllers that do not have the recommended version 5.0 or higher will stop functioning.
This comes at a time when a large number of people are reliant on video conferencing tools for communication as they are confined to their homes during the lockdowns. Improving security and making efforts to develop a more secure platform is always a plus; however, the real-world implications of these enhanced security measures remain to be seen. Zoom users can update to the latest version by heading to the website, or to the Play Store or App Store for the mobile apps.