Zoom update will bring a welcome security upgrade - but only for some customers

Zoom
(Image credit: Shutterestock)

Your morning team catch-up could be about to get a welcome security boost after Zoom revealed new plans to boost the encryption of video calls.

The video conferencing provider discussed its plans to offer improved encryption for premium users, including businesses and schools, during a recent call with civil liberties groups and organizations fighting sexual abuse.

In an interview with Reuters, security consultant at Zoom, Alex Stamos said the plan is subject to change and that at this time, it is still not clear whether nonprofits or other users that need additional security such as political dissidents may qualify for access to the company's premium accounts.

During the pandemic, Zoom has attracted millions of free and paying customers as its video conferencing software allows users to join a meeting without registering first. However, this has also led to users of the service having their meetings disrupted through a practice known as 'Zoom-bombing' where hackers and pranksters join public and private meetings they have not been invited to.

Zoom encryption

“Zoom’s approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to,” a Zoom spokesperson told TechRadar Pro.

While businesses, schools and non-profit organizations can benefit greatly from the additional security that encryption brings, safety experts and law enforcement agencies have warned that sexual predators and other criminals are increasingly employing encrypted communications to help avoid being detected online. This could be one of the reasons why Zoom is planning to limit encryption to its paid users.

The company recently released a whitepaper titled “E2E Encryption for Zoom Meetings” in which it laid out its encryption plans. These plans have not yet been finalized according to the whitepaper that explains that Zoom is has begun “a process of consultation with multiple stakeholders, including clients, cryptography experts, and civil society” on the matter of encryption.

Following a series of security failures earlier this year that led some organizations to ban Zoom, the company hired Alex Stamos and other experts to help. Stamos provided further details to Reuters regarding how Zoom is improving its security, saying:

“At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety. The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are.”

If Zoom were to add full encryption to every meeting on its service, the company's trust and safety team would be unable to add itself as a participant which would make tackling abuse in real time far more difficult. At the same time, users who call into Zoom meetings from their telephones would be unable to do so if the company adopts an end-to-end model.

Via Reuters

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.