IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Zoom admits meetings don't use end-to-end encryption

Conferencing app used by UK government isn't as secure as first thought

Video conferencing app Zoom does not use end-to-end encryption, according to reports, despite specifically stating that it does on its website.

Though Zoom offers users the option to “enable an end-to-end (E2E) encrypted meeting,” and provides a green padlock that claims “Zoom is using an end to end encrypted connection,” the company this week admitted that offers no such thing.

A spokesperson for the company told The Intercept that, despite its claims, it was "currently not possible" to enable end-to-end encryption for its video meetings.

Instead, the spokesperson revealed, the service uses Transport Layer Security (TLS) which encrypts data between user's meetings and Zoom's servers. End-to-end refers to data encrypted between calls, blocking out third parties - which includes the service provider. As a result, the company can see and use the data for things like targeted ads. 

"When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the spokesperson added.

Like a number of video conferencing services, Zoom is currently benefiting from the coronavirus lockdown. Its usage in the US is reportedly three times as much as Microsoft Teams, which is fairly impressive for an app that was almost unheard of this time last year. 

Given the rapid rise of Zoom, Microsoft recently singled out the service in a partner video, suggesting that it's a threat to its business model as it can be used in tandem with rivals like Slack and Google's G Suite, unlike Teams.

Part of Zoom's appeal to organisations is its simplicity and the fact it can be used for free, albeit without any premium features, which lets businesses try it out before forking out any money.

"Video conferencing is a fantastic necessity in times like these but it is vitally important to understand the security and privacy concerns that go in parallel with this increasingly popular form of communication," said Jake Moore, a cyber security specialist for ESET.

"For social and light business meetings they are fine as long as users realise what data is being shared by Zoom to third parties. I certainly wouldn't recommend using free software for sensitive or private meetings."

On Tuesday, Boris Johnson tweeted a picture of his cabinet's "first digital meeting" and, comically, left the ID number visible. This security blunder will not have gone down well with the Ministery of Defence, which has reportedly banned Zoom due to security concerns. 

Zoom told The Intercept that it only collects user data to improve the service and that it never allows its employees to access specific content in meetings and doesn't sell any kind of user data. However, the company did confirm that it could hand over data from meetings if it was compelled to for legal proceedings. 

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022
Storage's role in addressing the challenges of ensuring cyber resilience
Whitepaper

Storage's role in addressing the challenges of ensuring cyber resilience

4 Jul 2022
Introducing IBM Security QRadar XDR
Whitepaper

Introducing IBM Security QRadar XDR

4 Jul 2022
The Total Economic Impact™ of IBM Security MaaS360 with Watson
Whitepaper

The Total Economic Impact™ of IBM Security MaaS360 with Watson

4 Jul 2022

Most Popular

Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022
Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022