Zoom bolsters software security in latest move to reassure users
Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers.
The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. The software will also allow Zoom account administrators to choose which parts of the world they route their data through. The upgrade follows a report from the University of Toronto’s Citizen Lab that found Zoom routed some meeting encryption keys through China.
The updates are an effort to adapt to the unprecedented amount of people using Zoom as they work from home during the COVID-19 pandemic.
Zoom had about 200 million daily meeting participants in March, and the Silicon Valley company at first appeared unprepared for the privacy and security implications of the surge. “The risks, the misuse, we never thought about that,” Zoom CEO Eric Yuan told the New York Times.
But after researchers found vulnerabilities in the Zoom app that malicious hackers could use to compromise users’ communications, and some U.S. lawmakers criticized the company’s practices, Zoom pledged to prioritize security. The company also brought in experts to improve its bug bounty program, and has earned praise from researchers for quickly fixing software bugs.
Even so, some government bodies, including the U.S. Senate and Germany’s foreign ministry, have reportedly restricted use of the app over security concerns.
But all software has vulnerabilities. How vendors and users deal with them determines how exposed organizations are.
“When it comes to any external vendor, you’re constantly balancing the reward of the service they offer with the risk of using that service,” said Bruce Potter, chief information security officer of security company Expel.
Zoom’s exposure to public scrutiny has made the app more secure, Potter wrote in a recent blog post. “They’re not burying their heads in the sand and they’re being very transparent.”