Zoom announces plans to introduce end-to-end encryption

Zoom has announced plans to introduce end-to-end encryption after confirming the acquisition of a secure messaging and file-sharing service.

The video-conferencing platform has acquired Keybase, an encrypted messaging platform for an undisclosed fee.

Zoom said it would use Keybase engineers joining the company to help it build end-to-end encryption into its video platform as part of an ongoing pledge to improve the firm’s security features.

Zoom had been criticised for previously suggesting on its website that it used end-to-end encryption when in fact it did not.

At the beginning of April, the company revealed it had suspended all other product development to focus on security features after a number of concerns were raised about safety on the service as it gained millions of new users during the coronavirus lockdown.

A 90-day programme to improve Zoom’s security settings was then launched by the firm.

On the promise to introduce end-to-end encryption, Zoom chief executive Eric Yuan said: “There are end-to-end encrypted communications platforms. There are communications platforms with easily deployable security. There are enterprise-scale communications platforms. We believe that no current platform offers all of these.

“This is what Zoom plans to build, giving our users security, ease of use, and scale, all at once.

“The first step is getting the right team together. Keybase brings deep encryption and security expertise to Zoom, and we’re thrilled to welcome Max (Krohn, Keybase co-founder) and his team.

“Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts.”

Zoom said its intention is to offer end-to-end encryption meetings to all paid account users.

“We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises,” the firm said.

Industry expert Tim Mackey, principal security strategist at Synopsys’ Cybersecurity Research Centre (CyRC), said Zoom’s announcement appeared to be a positive step.

“Zoom’s acquisition of the Keybase team allows it to lay the foundation for what’s known as end-to-end encryption within their platform,” he said.

“This looks like proper end-to-end encryption, but of course the devil is in the details so the implementation will be the true test.

“For normal users, the addition of end-to-end encryption should be viewed as enhancing the overall security of their meetings.

“With recent examples of inappropriate accesses to meetings on the conferencing platforms, this end-to-end encryption helps ensure that any potential for a meeting to be intercepted or for someone to otherwise ‘hack’ into a meeting are minimised.”