Zoom's New, Stronger Encryption and Security Will Protect Paying Clients Not Free Accounts

The video-conference app Zoom plans to strengthen the encryption of its service for paying customers, but the upgrade will not be available to users of its free service. The tech company discussed the encryption boost on a call with civil liberties groups earlier this week.

Zoom security consultant Alex Stamos later confirmed the details of the reported move in an interview with Reuters, which first reported the changes on Friday.

But he also told the news outlet that Zoom's plans could still change.

"The CEO is looking at different arguments," Stamos said. "The current plan is paid customers plus enterprise accounts where the company knows who they are."

In the wake of privacy concerns, he added that Zoom was making significant efforts to upgrade safety and trust on its platform.

Zoom Video Conference App Logo
A Zoom App logo is displayed on a smartphone on March 30, 2020 in Arlington, Virginia. Olivier Douliery/AFP via Getty Images

In an emailed statement to Newsweek, a Zoom spokesperson said: "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."

The tech company's plans to boost the encryption of video calls on its platform have been revealed a month after it was reported that half a million Zoom account credentials were being sold on the Dark Web.

The cybersecurity firm that discovered the breach bought more than 530,000 account credentials for less than one cent each in April. Among the credentials up for sale on the Dark Web were user email addresses, passwords and conference call URL links.

Zoom has experienced huge growth amid the ongoing coronavirus pandemic, with its user base rising from 10 million daily users in December 2019 to around 200 million in March this year.

But as its user base has grown, so have public fears about the security capabilities of the platform.

New York Attorney General Letitia James sent a letter to Zoom at the end of March questioning the app's ability to shield people's webcams from hackers. She also argued its "existing security practices" may struggle to keep up with the boom in demand.

FBI officials also issued a warning about the practice of "Zoom-Bombing," where individuals not invited to a private meeting hijack the call.

To combat the issue of "Zoom-Bombing," the tech firm released details of an update to the platform's encryption and security in late April. The update made meeting passwords a default feature and grouped security settings into one area.

"Hosts can require all participants to register for the meeting, where they enter their first name, last name, email address, and other information, which the host can then confirm," Zoom said in a blog post at the time.

"Hosts can also use the security icon to disable the ability for participants to rename themselves."