Zoom Rolls Out End-to-End Encryption As Technical Preview

The much-awaited decision from Zoom has finally arrived. As announced recently, Zoom now rolls out end-to-end encryption for all users as a 30-day technical preview.

Zoom End-to-End Encryption Is Out

Reportedly, Zoom has finally rolled out end-to-end encryption (E2EE) as the initial phase of a long-term decision. In a recent post, Max Krohn, Head of Security Engineering at Zoom, shared details about the much-awaited Zoom E2EE.

For now, Zoom’s E2EE will be available as a technical preview for 30 days. During this time, the firm aims to collect feedback from users, both free and paid.

The company first announced this plan earlier this year. The initial plans were aimed at paid users only, but soon after, the company confirmed that Zoom’s E2EE would be available to both free and paid users.

And now, they have confirmed this decision. As announced,

Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions

Describing how the platform ensures the safety of the meetings, the post states,

Free/Basic users seeking access to E2EE will participate in a one-time verification process that will prompt the user for additional pieces of information, such as verifying a phone number via text message…
We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our work with human rights and children’s safety organizations and our users’ ability to lock down a meeting, report abuse, and a myriad of other features made available as part of our security icon — we can continue to enhance the safety of our users.

How Zoom E2EE Works

Regarding how it works, the company explained that Zoom already implemented AES-256-bit GCM encryption for securing communications. However, the default encryption only applied to the content on the respective app clients. During transit between two apps, the data remained unencrypted. Hence, an adversary could intercept the data.

While this will continue for meetings without E2EE, E2EE-enabled meetings will remain secure, as the data will also be encrypted during transit.

Users can check for the meeting encryption status via a green shield icon with a padlock in the middle. Moreover, all users should have the same codes appearing on their respective Zoom clients.

Source: Zoom

The company has also shared its plan for phase 2: adding single sign-on (SSO) integration with E2EE and better identity management in 2021.
