Zoom admits meetings don't use end-to-end encryption

Conferencing app used by UK government isn't as secure as first thought

Video conferencing app Zoom does not use end-to-end encryption, according to reports, despite specifically stating that it does on its website.

Though Zoom offers users the option to “enable an end-to-end (E2E) encrypted meeting,” and provides a green padlock that claims “Zoom is using an end to end encrypted connection,” the company this week admitted that offers no such thing.

Advertisement - Article continues below

A spokesperson for the company told The Intercept that, despite its claims, it was "currently not possible" to enable end-to-end encryption for its video meetings.

Instead, the spokesperson revealed, the service uses Transport Layer Security (TLS) which encrypts data between user's meetings and Zoom's servers. End-to-end refers to data encrypted between calls, blocking out third parties - which includes the service provider. As a result, the company can see and use the data for things like targeted ads. 

"When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the spokesperson added.

Like a number of video conferencing services, Zoom is currently benefiting from the coronavirus lockdown. Its usage in the US is reportedly three times as much as Microsoft Teams, which is fairly impressive for an app that was almost unheard of this time last year. 

Given the rapid rise of Zoom, Microsoft recently singled out the service in a partner video, suggesting that it's a threat to its business model as it can be used in tandem with rivals like Slack and Google's G Suite, unlike Teams.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Part of Zoom's appeal to organisations is its simplicity and the fact it can be used for free, albeit without any premium features, which lets businesses try it out before forking out any money. "Video conferencing is a fantastic necessity in times like these but it is vitally important to understand the security and privacy concerns that go in parallel with this increasingly popular form of communication," said Jake Moore, a cyber security specialist for ESET. "For social and light business meetings they are fine as long as users realise what data is being shared by Zoom to third parties. I certainly wouldn't recommend using free software for sensitive or private meetings."

On Tuesday, Boris Johnson tweeted a picture of his cabinet's "first digital meeting" and, comically, left the ID number visible. This security blunder will not have gone down well with the Ministery of Defence, which has reportedly banned Zoom due to security concerns. 

Zoom told The Intercept that it only collects user data to improve the service and that it never allows its employees to access specific content in meetings and doesn't sell any kind of user data. However, the company did confirm that it could hand over data from meetings if it was compelled to for legal proceedings. 

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020