Pages

Wednesday, April 1, 2020

Zoom Concerns - Part 2

As noted yesterday, the Zoom application which has become the default for online education at universities (and for meetings, etc.) has been the target of security concerns. Here is another example:

As reported by The Intercept, the Zoom video conferencing app offers options for end to end encryption in its UI (and in its marketing materials) but the calls are not actually end-to-end encrypted at all. The Zoom video app is bursting into the public consciousness this year as the coronavirus causes most people to work from home. However, the security of the app has come under fire in many ways. In this instance, it turns out Zoom calls are only encrypted in transmission. This means the central Zoom servers could decrypt the incoming calls and see all participants if the company wanted to.

In contrast, Apple’s FaceTime has always been end-to-end encrypted. When Group FaceTime was introduced in 2018, it too was end-to-end encrypted. FaceTime remains the only video chat app that supports end-to-end encryption on group calls with up to 32 participants. The kind of encryption Zoom actually uses is no different from browsing the web over HTTPS. Your connection to the server is secured, but the content of the call can be decrypted and snooped on with the server if the owner wanted to. Obviously, Zoom says it does not do this and simply uses the server to re-encode the connection to the call’s recipients...

Full story at https://9to5mac.com/2020/03/31/zoom-video-calls-are-not-actually-end-to-end-encrypted/

See also https://www.bbc.com/news/business-52115434.

No comments: