Zoom bolsters software security in latest move to reassure users

The updates are an effort to adapt to the unprecedented amount of people using Zoom during the pandemic.
Zoom CEO Eric Yuan
Zoom CEO Eric Yuan. (Zoom / YouTube)

Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers.

The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. The software will also allow Zoom account administrators to choose which parts of the world they route their data through. The upgrade follows a report from the University of Toronto’s Citizen Lab that found Zoom routed some meeting encryption keys through China.

The updates are an effort to adapt to the unprecedented amount of people using Zoom as they work from home during the COVID-19 pandemic.

Zoom had about 200 million daily meeting participants in March, and the Silicon Valley company at first appeared unprepared for the privacy and security implications of the surge. “The risks, the misuse, we never thought about that,” Zoom CEO Eric Yuan told the New York Times.


But after researchers found vulnerabilities in the Zoom app that malicious hackers could use to compromise users’ communications, and some U.S. lawmakers criticized the company’s practices, Zoom pledged to prioritize security. The company also brought in experts to improve its bug bounty program, and has earned praise from researchers for quickly fixing software bugs.

Even so, some government bodies, including the U.S. Senate and Germany’s foreign ministry, have reportedly restricted use of the app over security concerns.

But all software has vulnerabilities. How vendors and users deal with them determines how exposed organizations are.

“When it comes to any external vendor, you’re constantly balancing the reward of the service they offer with the risk of using that service,” said Bruce Potter, chief information security officer of security company Expel.

Zoom’s exposure to public scrutiny has made the app more secure, Potter wrote in a recent blog post. “They’re not burying their heads in the sand and they’re being very transparent.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts