Not only is Zoom's strong end-to-end encryption not actually end-to-end, its encryption isn't even that strong

2020-04-03 23:11

Zoom in its documentation, and in an in-app display message, has claimed its conferencing service is "End-to-end encrypted," meaning that an intermediary, include Zoom itself, cannot intercept and decrypt users' communications as it moves between the sender and receiver.

When reports emerged that Zoom Meetings are not actually end-to-end encrypted encrypted, Zoom responded that it wasn't using the commonly accepted definition of the term.

The Zoom transport protocol, according to the lab's report, is a custom variant of RTP that encrypts and decrypts the audio and video of Zoom meeting participants with a single AES-128 key that gets shared among all those in the meeting via a TLS-encrypted channel.

"As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality," the report says.

The Register asked Zoom to comment but we've not heard back.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/

#encryption #zoom