Is zoom safe now after 5.0 update? What are the changes they did in their latest version?
We all know that after lockdown due to COVID 119 we have to face various problems, basically who are added in school, college or office, company. To compensate for this problem we used work from the home method. In this method video calling is mandatory, for which we used zoom application, it had some features and basically, free features which made it better than its alternatives, but it’s all features were meaningless because of its security for which it was cherry on the hot cake of criticism. But zoom returns with its new update and based on which they are claiming it’s not only safe but also safest.
To examine their claims we have to examine the new updates. Let’s go:
1. IS AES 256-bit GCM secured enough?
What is GCM encryption:
In Cryptography GCM stands for Glorious Counter Mode, which is a mode of operation for symmetric key cryptographic block ciphers. The operation is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality.
What is AES encryption?
There are two types of encryption – Symmetric and Asymmetric. Symmetric encryption is in which the same key is used for both encryption and decryption, an example is AES. Asymmetric encryption is in which data is encrypted using a publically available key and it can be decrypted using only the correct private key available to the recipient, for example, RSA. So basically asymmetric encryption is better than symmetric encryption but where what is used is considerable. Asymmetric encryption RSA is used to connect to a secure HTTPS website by using TLS key exchanging, but symmetric encryption AES is used in other fields such as to secure a private hard drive situated in our local pc. And in this perspective, AES is better than RSA because 1. AES is 1000 times faster than RSA,2. It needs less computational power, 3. It can encrypt a bulk amount of data.
What is 256-bit AES encryption?
To know this we need to know how AES works. Basically My data(what I wanna encrypt)+Private key(A 128 bit or 192 bit or 256-bit variable created at the time of algorithm)+cipher(The encryption method AES or RSA)= cipher data(encrypted data). Now we have to focus on the operation of ciphers. The cipher (here AES) uses the original private key to create a number of “Round keys” by Rijndael’s key schedule operation. It uses this algorithm to perform several round operations(basically XOR operation). Now come to the point that how many rounds of operation is needed depends on the bit of encryption. 128-bit needs 10 rounds, 192-bit needs 12 rounds and 256-bit needs 14 rounds.
So in short AES 256-bit GCM encryption is secured enough for zoom 5.0
2. Show the connected data center:
Now the host can select the data center region, besides the participants can see the data center details they are connected to by the info icon at the upper left corner of the zoom window. In addition, if any host or organization outside of China does not wanna connect to the data center of mainland China, they are now able after 25th April.
There is news recently viral that zoom is now also facing allegations of Chinese link. The latest related to Zoom CEO Eric Yuan. In a blog post, Yuan has refuted all allegations of links to the Chinese government.
In a blog post, Yuan stresses stated that Zoom is an American company, founded and headquartered in California, incorporated in Delaware, and publicly traded on NASDAQ. He further added that he is an American citizen since 2007 and has been living in the US since 1997.
3. Personal Meeting ID(PMI) disable support:
In past you only can edit the PMI by the following steps:
1. First, go to your zoom application.
2. Then under the meeting ID window choose edit.
3. After that choose your meeting ID easy to remember. It can be your Phone number.
4. Then apply it.
However, now there is an option in settings where you can disable your meeting ID to prevent it from misuse.
4. Report a user during a meeting :
There are some guys who during meeting do not look at the host or if look at that person they do not listen to what he or she is discussing. I hope you understood what I’m saying. Some guys use this platform for flirting. Besides they can take a screenshot of that particular person (oh! it’s not less than watching a horror film when zoom meeting is held in slow connection, Sometimes I became afraid seeing even my own picture during a call). So, there are several humiliation processes a bad person who has joined the meeting with such a wish in his mind can do with these pictures.
So, there is a new update feature in zoom by which you (host) can prevent this problem. i.e. reporting. To do so click on the security icon and then report.
5. Indication of an external user :
Now in the zoom, you can see an indication “external” next to the user’s name if he or she is not a part of your zoom account. Besides you can also see this label in the user’s profile details and in the channel member’s list too.
6. Prevent private chatting with channel members outside of zoom account or organization:
Users will no longer be able to privately chat with other members of the same channel if they are not on the same Zoom account or organization. To continue chatting with contacts outside of their Zoom account, they can add them as external contacts.
7. Re-enable clickable links in meeting chat :
Users can now send clickable links through the in-meeting chat. N.B. the link must be included http or https.
8. Enhancements to meeting end/leave flow :
The host now has to assign a new host. Besides now a pop-up message will be displayed asking if the host is sure to leave or end the meeting when he clicks on the left button.
9. Select data center regions when scheduling a meeting:
Users can now select which data center regions they would like there in meeting traffic to use when scheduling a meeting.
10. Enhanced encryption :
It’s a phone feature. Zoom supports secure voice calls across all supported SIP devices, desktop, and mobile clients. Zoom Phone supports standards-based encryption using SIP over TLS 1.2 Advanced Encryption Standard (AES) 256-bit algorithm for calls and during phone provisioning sessions. In addition, call media is transported and protected by SRTP with AES-256 bit algorithm for Zoom desktop and mobile clients, and with AES-128 bit algorithm for devices.
11. Minor bug fixes
Minor bug of April 12, 2020 Version 4.6.11 (20553.0413)
N.B. These all are the updates of zoom version 5.0.23478.0429
From 5.0 zoom changes many things in their project to remove the criticism and ill-fame and especially reputation fall regarding security.