Zoom has gone through a turbulent rise in recent months, welcoming millions of new users on the platform while at the same time trying to fight negative publicity that came from all corners. As we discussed at the start of the month, the teleconferencing app laid the ground for end-to-end encryption through the acquisition of Keybase, but the results of this move will start showing later. For now, users are advised to update to version 5.0 or later, which was dropped as a lifeboat in an ocean of security and privacy problems.
For this reason, Zoom is not limiting itself to urging the users to update, but instead, they are compelling them to do so. If you don’t upgrade your Zoom client to version 5.0 or later by May 30, 2020, you will not be able to create or join any Rooms, as the recently-introduced GCM encryption will now be enabled by default for everyone. Moreover, version 5.0 offers more control over what meeting participants are allowed to do, and more settings concerning locking the meetings, the share screen, the chat, or the renaming of the members. In addition to the above, Zoom 5.0 has brought the long-sought-after “reporting” mechanism and the ability to kick someone out, assign a new host upon leaving the Room, or request a participant to unmute.
But the main reason why everyone is forced to 5.0 or later is the AES 256-bit GCM encryption. It isn’t end-to-end, but it’s still a pretty fast and secure stream cipher that makes it hard for potential infiltrators to decrypt any stolen data. That said, the implementation of GCM denotes that we’re not there yet, but a big step in the right direction has been made. Previously, Zoom was using a “novice-level” encryption scheme, so updating to 5.0 or later should be non-debatable.
All that said, it is worth noting that you may now receive phishing or scamming messages urging you to update to the latest Zoom version and trying to convince you to click on an embedded button that will initiate the download of Zoom 5.0. Crooks are ready to exploit everything, so be very careful and never download anything from links or buttons inside email messages. These would be tampered-with Zoom versions that contain malware in the best-case scenario. Instead, visit the official software sources of Zoom on the project’s website, and grab the files you need from there.