SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Zoom to begin rolling out end-to-end encryption
Thu, 15th Oct 2020

Zoom has begun a 'technical preview' of its end-to-end encryption (E2EE) offering, available for both free and paid users, the company revealed in a post on its blog today.

Available starting from next week, it represents the first of four phases of the company's broader E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.

The new encryption will provide 'robust protections' to help prevent the interception of decryption keys that could be used to monitor meeting content, Zoom head of security engineering Max Krohn wrote in the blog post.

The new E2EE uses the same GCM encryption used currently, but shifts the location of the encryption keys: when a host creates a meeting, the encryption keys are generated automatically, and public key cryptography is then used to distribute them to the other participants.

Krohn says Zoom's servers become 'oblivious servers', with no visibility of the keys required to decrypt the meeting because the keys are generated by participants' machines rather than Zoom's servers.
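The key flow described above can be sketched in a few lines of Node.js. This is an added illustration, not Zoom's code and not taken from the blog post: the article says only "GCM" and "public key cryptography", so the X25519, HKDF-SHA256 and AES-256-GCM choices, the participant names and the `relay` object are all assumptions.

```javascript
// Added illustration (not Zoom's code): a host-generated meeting key is wrapped
// to each participant's public key, so the relay server only handles ciphertext.
// Assumed primitives: X25519 + HKDF-SHA256 for wrapping, AES-256-GCM for content.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

function gcmSeal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmOpen(key, { iv, ct, tag }) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on wrong key or tampering
}

// Key-wrapping key derived from ECDH between one private key and the peer's public key.
function wrapKeyFor(privateKey, publicKey) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

function runMeeting() {
  const host = generateKeyPairSync('x25519');
  const guests = { alice: generateKeyPairSync('x25519'), bob: generateKeyPairSync('x25519') };
  const meetingKey = randomBytes(32); // generated on the host's machine, never sent in the clear

  // Everything placed in `relay` is what the server stores or forwards.
  const relay = { hostPublicKey: host.publicKey, wrapped: {}, frame: null };
  for (const [name, kp] of Object.entries(guests)) {
    relay.wrapped[name] = gcmSeal(wrapKeyFor(host.privateKey, kp.publicKey), meetingKey);
  }
  relay.frame = gcmSeal(meetingKey, Buffer.from('constructed media frame'));

  // Guest side: unwrap the meeting key with the guest's own private key, then decrypt.
  const bobKey = gcmOpen(wrapKeyFor(guests.bob.privateKey, relay.hostPublicKey), relay.wrapped.bob);
  const bobSees = gcmOpen(bobKey, relay.frame).toString();

  // Server side: it holds no participant private key, so unwrapping with its own key fails.
  const server = generateKeyPairSync('x25519');
  let serverCanRead = true;
  try { gcmOpen(wrapKeyFor(server.privateKey, relay.hostPublicKey), relay.wrapped.bob); }
  catch { serverCanRead = false; }
  return { bobSees, serverCanRead };
}
```

The sketch does not authenticate the public keys it exchanges; a relay able to substitute them could still obtain the meeting key, which is why deployed designs also need a way to bind keys to participant identities.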

Zoom CEO Eric Yuan says the move is the next step in fortifying the security of its video communication service.

“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” says Yuan.

“This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world's largest enterprises.”

As part of the new service, hosts can enable the setting for E2EE at the account, group, and user level, and it can be locked at the account or group level. For it to function correctly in Phase 1, all meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms, according to the blog post.

During the first phase, however, several services will be disabled if E2EE is enabled, including cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat and meeting reactions.

The news follows Zoom's announcement last month of its Q2 2021 financial results, in which it saw a vast increase in its profit, cash flow and GAAP income, culminating in a massive 355% year-on-year increase in revenue.

Yuan says the world's shift towards remote solutions amid business continuity concerns at the beginning of the year has greatly affected the company's standing.

“Organisations are shifting from addressing their immediate business continuity needs to support a future of working anywhere, learning anywhere, and connecting anywhere on Zoom's video-first platform,” says Yuan.

“At Zoom, we strive to deliver a world-class, frictionless, and secure communication experience for our customers across locations, devices, and use cases.”