Every crisis is an opportunity in disguise. What companies benefited the most since the outbreak of COVID-19? Most probably, Zoom is on the shortlist. Indeed in the times of the new remote normal, communication becomes a critical part of your life. The number of daily Zoom meeting participants surged from 10 million in December 2019 to 300 million in April 2020. With popularity came attention to the security of the platform. No wonder that with this attention came news of security flaws found in the product. Probably, having end-to-end encryption (E2EE) implemented platform-wide would allow avoiding some of the issues. Let’s take a closer look at this.
End-to-end encryption (E2EE) is a secure communication method that prevents third-parties from accessing data transferred between legitimate users or devices. It is based on public-key cryptography, where the end-users exchange public encryption keys while keeping the private decryption keys secret. It allows for asynchronous encryption systems, where users can safely exchange information without the burden of pre-shared symmetric keys. The data stays encrypted all the way from one user to another and back. So, assuming that a robust cryptographic algorithm is in use and private keys remain secret, data interception becomes virtually useless.
So, coming back to Zoom – ever since they got in the security researchers spotlight, the market was closely watching their progress in implementing the E2EE. It was a crucial point in Zoom’s list as they previously used the server-key based encryption – arguably, the least privacy-focused approach possible.
As always, the benefit comes at a price: E2EE demands a delay before a secure connection is established, especially in a multiuser session. Nevertheless, it looks like the Zoom security drama is approaching its end: in mid-October, Zoom announced the plans to roll out the E2EE capabilities. It allows Zoom users to generate individual keys to encrypt voice or video calls between them and other conference participants. Zoom claims this functionality will be available for both paid and free accounts. The Zoom application’s green shield icon will contain a lock if the E2EE is active.
We at Berezha Security encourage using end-to-end encryption to protect your data from interception. Encryption is the most effective protection method for your information assets. We advise leveraging it in different areas, such as digitally signing your emails, using a password manager to keep your passwords safe, fully encrypting your hard drive or at least all sensitive files and directories, and, of course, using the E2EE-capable messengers for your communication.
Simple but timely actions may save you from significant risks. Stay safe and take care.