SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image

Zoom launches post-quantum encryption to secure user data

Thu, 23rd May 2024

Zoom has announced the enhancement of its security framework by introducing post-quantum end-to-end encryption (E2EE) in Zoom Workplace. This development makes Zoom the first Unified Communications as a Service (UCaaS) provider to implement such advanced encryption in video conferencing.

The rollout of post-quantum E2EE is presently available for Zoom Meetings, with Zoom Phone and Zoom Rooms expected to follow suit. This move addresses the increasing necessity to safeguard user data against advanced adversarial threats. One significant threat, identified as "harvest now, decrypt later," involves attackers capturing encrypted network traffic with the intent to decrypt it later once quantum computing becomes more powerful.

Zoom's initiative aims to protect user data from potential future threats posed by quantum computers capable of breaking classical encryption. While these potent quantum machines are not yet generally available, Zoom's proactive stance upgrades its encryption algorithms to withstand such advanced threats whenever they materialise, be it five years from now or later.

Michael Adams, Chief Information Security Officer at Zoom, remarked, "Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs." Adams added, "With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected."

When E2EE is enabled for meetings, Zoom's system only provides participants with access to the encryption keys needed to secure the meeting. This protocol applies to both post-quantum E2EE and standard E2EE. As Zoom's servers do not hold the required decryption key, any encrypted data relayed through them remains indecipherable. To further guard against "harvest now, decrypt later" attacks, Zoom's post-quantum E2EE employs Kyber 768, an algorithm being standardised by the National Institute of Standards and Technology (NIST) under the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.

Zoom's upgrade underscores its commitment to evolving its security measures in tandem with changing technological threats, ensuring continued user protection. The initiative reflects Zoom's broader mission to deliver a secure, efficient platform for modern workspaces. Zoom Workplace, powered by Zoom AI Companion, integrates solutions such as meetings, team chat, phone, scheduler, whiteboard, spaces, and more, aimed at optimising communications, productivity, and employee engagement.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X