In the midst of the corona pandemic, countless people around the world are using video conferencing not only to listen to their family and friends, but to watch them as well. In addition to long-standing programs like Skype, Zoom in particular became popular. The advantage: with the app, thousands of people can be present at a conference at the same time.
But the increased access also shows how robust and well-developed the applications really are. As Zoom CEO Eric Yuan has already admitted, Zoom lacks some security measures, but they were only noticed through the attack. But that should end in the future.
New security standards in Zoom
As tech magazine TechCrunch reports, two new measures are now effective against the so-called “zoom blitz.” The company also sets up a password query. If a user receives the link or ID for the Zoom meeting, they must enter the corresponding password in order to join the conference.
How is it supposed to work? The company imagines the scenario as follows: If a phone call is spontaneous, a Zoom customer displays the appropriate PIN. If, on the contrary, the meeting has been planned in advance, the organizer sends the corresponding password to the participants by invitation.
The conference moderator also has more powers so that users cannot join the conference directly and arbitrarily. In addition to the password query, there is now also a waiting room. The moderator manually decides which participants can attend the conference and which cannot, at least in theory.
Weak data protection for Zoom users
The problem so far is that unauthorized people can easily steal the link to a conference. On the other hand, the application is not fully encrypted. Above all, the fact that end-to-end encryption with Zoom only guarantees chats and between active participant terminals caused a stir. That means: always only from user to zoom server. Also, encryption should not be effective if conference participants are connecting to a conference from the Zoom software and from the phone.
Additionally, the company admitted in another blog post that the February video conferences were conducted in part via servers located in China. Even if the conferences were not held in China. The background: Since Zoom wasn’t equipped for the huge access, the company put many new servers up and running to make themselves available to the new masses. Countless of these new servers are also in China, as they say. According to Eric Yuan, the routing has been changed again since April 3, so only servers close to the user are used.