Zoom is finally working on end-to-end encryption for more secure meetings

Zoom's meteoric rise in popularity is undeniably impressive. The video conferencing app has been used by many around the world in recent months, but the system's security has always been questionable.

Recent problems with the videoconferencing app have included an issue with unwanted guests letting themselves into meetings and bombarding participants with inappropriate content. That was such an issue that it even got its own term: Zoom Bombing.

Other problems have even led security experts to advise against using Zoom.

Zoom has worked to alleviate the problems with changes that included setting passwords by default and using virtual waiting rooms to stop unwanted guests joining, but as of yet, the app is still lacking end-to-end encryption. 

That's apparently set to change though. Zoom has announced a plan for its end-to-end-encrypted offering. This plan has been published on GitHub and is open to user feedback. It's also a plan that's set out in several phases, but one that should mean that the system eventually is far more secure. 

At the moment, it's possible for hackers to break into meetings and decrypt the data, and that's down to the way Zoom handles shared meeting keys.

According to the plans, in future users will be able to activate end-to-end security, but doing so will then disable the ability to record the meeting (in the cloud) and will also force all users to run the official Zoom meeting software. Dial-in participation, web users and other legacy devices will no longer be able to access those meetings.

Zoom's plans for end-to-end encryption are summarised at the end of the document:

"We have proposed a roadmap for bringing end-to-end encryption technology to Zoom Meetings. At a high level, the approach is simple: use public key cryptography to distribute a session key to a meeting's participants and provide increasingly stronger bindings between public keys and user identities. However, the devil is in the details, as user identity across multiple devices is a challenging problem, and has user experience implications. We proposed a phased deployment of end-to-end security, with each successive stage giving stronger protections."
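The approach in that summary, sketched as an added example that is not code from Zoom or from the original article: a meeting leader wraps one session key to each participant's public key, so a party that only relays the wrapped keys cannot recover it. The algorithms (X25519, HKDF-SHA256, AES-256-GCM), the function names and the meeting id are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumption: each device holds an X25519 key pair; the article names no algorithm.
function newDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// ECDH shared secret -> HKDF -> 256-bit wrapping key bound to the meeting id.
function wrappingKey(privateKey, publicKey, meetingId) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), `wrap:${meetingId}`, 32));
}

// Leader side: encrypt the meeting session key to one participant's public key.
function wrapSessionKey(leader, recipientPublicKey, meetingId, sessionKey) {
  const iv = crypto.randomBytes(12);
  const key = wrappingKey(leader.privateKey, recipientPublicKey, meetingId);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(meetingId));
  const ct = Buffer.concat([cipher.update(sessionKey), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Participant side: throws unless the box was made for this device and meeting.
function unwrapSessionKey(device, leaderPublicKey, meetingId, box) {
  const key = wrappingKey(device.privateKey, leaderPublicKey, meetingId);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(meetingId));
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Constructed meeting: two invited devices plus a relay that sees only the boxes.
function demo() {
  const meetingId = 'meeting-0001'; // constructed sample value
  const [leader, alice, bob, relay] = ['leader', 'alice', 'bob', 'relay'].map(newDevice);
  const sessionKey = crypto.randomBytes(32);
  const boxes = {
    alice: wrapSessionKey(leader, alice.publicKey, meetingId, sessionKey),
    bob: wrapSessionKey(leader, bob.publicKey, meetingId, sessionKey),
  };
  const aliceKey = unwrapSessionKey(alice, leader.publicKey, meetingId, boxes.alice);
  const bobKey = unwrapSessionKey(bob, leader.publicKey, meetingId, boxes.bob);
  let relayRejected = false;
  try { unwrapSessionKey(relay, leader.publicKey, meetingId, boxes.alice); } catch { relayRejected = true; }
  return { aliceOk: aliceKey.equals(sessionKey), bobOk: bobKey.equals(sessionKey), relayRejected };
}
console.log(demo());
```

The unwrap step is only as trustworthy as the claim that `leaderPublicKey` belongs to the leader, which is the binding between public keys and user identities that the quoted roadmap strengthens phase by phase.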

This rollout is clearly going to take some time, but it's good to see Zoom making steps to improve security and listening to user feedback while doing so. 
