Security News > 2020 > April > Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...
That's a good thing because miscreants hijacking unprotected Zoom calls is a thing.
When we say end-to-end.... Despite Zoom offering a meeting host the option to "Enable an end-to-end encrypted meeting," and providing a green padlock that claims "Zoom is using an end to end encrypted connection," it appears that the company is able to access data in transit along that connection, and can also be compelled to provide it to governments.
It's not E2E. While that is not something that will bother most Zoom users, whose conversations are not highly sensitive nor confidential, for something like a UK Cabinet meeting, the lack of true end-to-end encryption is dangerous.
Under questioning, a Zoom spokesperson admitted: "Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection."
Then they gave their own Zoom version of what the phrase "End-to-end encryption" actually means: "When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point," a spokesperson told The Intercept on Tuesday.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/01/zoom_spotlight/