Zoom, the video conferencing app, became quite popular over the last few months because of the coronavirus lockdowns. But, it has come under a lot of scrutiny due to the privacy and security concerns that directly affect its users. Now, Zoom is taking more steps towards creating a safer virtual environment with system-wide security enhancements and Galois/Counter Mode (GCM) encryption. The service has urged all its users, through a blog post, to update the app and web client before May 30 as GCM encryption will become mandatory for all meetings and will be enabled system-wide from the date.
Why Zoom needs to be updated
In a blog post, Zoom explained that from May 30, “GCM encryption will be fully enabled for all meetings.” It states that all Zoom clients and Zoom Rooms should be on version 5.0 or higher in order to join any meeting.
“On May 30, Zoom will cut over all accounts to GCM encryption,” it adds. Further, it states that both the desktop client and Zoom Rooms controller will need to be updated. The support for enhanced GCM encryption was added with Zoom 5.0 in April and this will be implemented system-wide from May 30.
A new green encryption shield icon will also be visible from May 30 indicating that enhanced GCM encryption is enabled. With the late April release of Zoom version 5.0 an encryption shield in the upper left of the Zoom meeting window was added, and from May 30, this icon will turn green. Clicking on it will show the statistics page for additional encryption details. Now, Zoom has urged all its users to update to Zoom 5.0.
What is GCM encryption?
GCM or Galois/Counter Mode encryption is an algorithm for authenticated encryption of data that provides assurance of authenticity of the confidential data. It is a mode of operation of the Advanced Encryption Standard (AES) algorithm constructed from a block size of 128-bits. Essentially, GCM encryption provides a layer of protection for your data and resistance to tampering.
With Zoom 5.0 update, support for AES 256-bit GCM encryption was added. 256-bit encryption is much stronger than 128-bit as a bigger key size (256 vs 128) has higher chance of remaining secure. This means that if someone were to attempt to hack encrypted data, 256-bit encrypted data would take significantly longer to crack.
Other Zoom enhancements and upcoming features
This AES 256-bit GCM encryption will be enabled system-wide from May 30 in Zoom and users will need to have updated clients and app to join meetings. The security icon in the meeting will let the host easily lock/unlock meetings, enable/disable waiting rooms, enable/disable in-meeting chat, enable/disable participant renaming, enable/disable screen sharing, remove a participant, and report a participant. Notably, these options are available in Zoom 5.0.
The Zoom blog also points out some upcoming enhancements including displaying non-video participants via their avatar by default and turning off call history by default. On June 30, enhanced encryption between Zoom Rooms controller and Zoom Rooms will be enabled. Zoom Rooms controllers that do not have the recommended version 5.0 or higher will stop functioning.
This comes at a time when a large number of people are reliant on video conferencing tools for communication as they are confined to their homes during the lockdowns. Improving security and making efforts in developing a more secure platform is always a plus, however, real world implications of these enhanced security measures remain to be seen. Zoom users can update to the latest version by heading to the website or head to the Play Store or App Store for mobile apps.