Zoom calls are not end-to-end encrypted, even though it says they are
Zoom isn’t as secure as it wants users to believe
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Zoom Video Communications has seen usage of itsvideo conferencingservice spike as a result of the coronavirus but a new report fromThe Intercepthas shed light on the fact that its claim that its meetings have end-to-end encryption are not true.
On its website and in a security-related white paper, the US-based video conferencing company boasts aboutend-to-end encryption. However, The Intercept discovered that the service actually uses transport encryption instead.
Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. TLS is also used to help secure connections between users and any website they visit withHTTPSprotocol.
Make careless data decisions history with our dark web monitoring and alerts. Get Dashlane for seamless, private ‘interneting’ with 2FA (two-factor authentication) by default. Your privacy matters to us so that’s why there’s no limit on devices or passwords stored or shared.
However, the main difference between transport encryption and end-to-end encryption is that while others won’t be able to access your data, Zoom will still be able to.
End-to-end encryption
In a statement toThe Intercept, a Zoom spokesperson revealed that the service is unable to provide end-to-end encryption at the moment, saying:
“Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”
Basically the company clarified that its use of the phrase “end-to-end” in its white paper is in reference to the connection being encrypted between Zoom endpoints. This means that other people can’t access the data shared during Zoom video calls but the company itself still can.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Despite its recent surge in popularity, a number of privacy issues have come to light surrounding the service such as how its iOS app was found to be sending data to Facebook without explicit user consent. Thankfully Zoom recentlyremoved the codethat was sending data to the social network.
Additionally a new report fromBleeping Computerrevealed that it is possible for hackers to steal passwords through Zoom’s Windows client.
ViaTNW
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
