News
News Categories

Zoom’s end-to-end encryption comes at a price to use

By Ken Wong - on 28 Oct 2020, 11:26am

Zoom’s end-to-end encryption comes at a price to use

The update finally delivers much waited for security. Image courtesy of Unsplash.

Zoom received a lot of criticism for security lapses early on during the pandemic when there was large scale adoption of video conferencing as we began to work from home (WFH).

To their credit, they responded by rolling out a series of updates to address these concerns. And their most recent announcement plugs a hole that many have waited for, that of end-to-end encryption.

 

256-bit AES-GCM FTW!

Although initially promised only to paid customers, Zoom has made it available to both free and paid users. It is available immediately as a technical preview, meaning that the company is soliciting feedback from Windows, Mac, Linux and Android users for the next 30 days. Zoom is still awaiting approval from Apple for the iOS version.

In typical meetings, Zoom’s cloud meeting server generates encryption keys for every meeting and distributes them to meeting participants using Zoom clients as they join.

With Zoom’s new E2EE, that uses 256-bit AES-GCM encryption, the meeting’s host generates encryption keys and uses public-key cryptography to distribute these keys to the other meeting participants. Zoom’s servers never see the encryption keys required to decrypt the meeting contents so the data going through Zoom’s servers can’t be read by the company since they can’t decrypt it without the necessary decryption key.

Account admins can enable this E2EE feature in their web dashboard at the account, group, and user level. It can also be locked at the account or group level. If enabled, the host can toggle on and off E2EE for any given meeting depending on the level of security and level of functionality they would like.

During this phase one technical preview, meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms for E2EE-enabled meetings.

 

Not everything is rosy though

The security update can cause issues. Image courtesy of Zoom.

But this additional security has caused some problems with existing Zoom features.

All participants have to use a Zoom app that supports end-to-end encryption, as the browser version will not work. Users on an encrypted call won’t be able to use Zoom’s cloud recording, live transcription, and meeting reactions features. Furthermore, Zoom says that enabling E2EE disables certain meeting features like one to one private chats.

Zoom says that phase two will launch sometime in 2021.

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.