Zoom Video Communications has seen usage of its video conferencing service spike as a result of the coronavirus but a new report from The Intercept has shed light on the fact that its claim that its meetings have end-to-end encryption are not true.
On its website and in a security-related white paper, the US-based video conferencing company boasts about end-to-end encryption. However, The Intercept discovered that the service actually uses transport encryption instead.
Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. TLS is also used to help secure connections between users and any website they visit with HTTPS protocol.
However, the main difference between transport encryption and end-to-end encryption is that while others won’t be able to access your data, Zoom will still be able to.
In a statement to The Intercept, a Zoom spokesperson revealed that the service is unable to provide end-to-end encryption at the moment, saying:
“Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”
Basically the company clarified that its use of the phrase “end-to-end” in its white paper is in reference to the connection being encrypted between Zoom endpoints. This means that other people can’t access the data shared during Zoom video calls but the company itself still can.
Despite its recent surge in popularity, a number of privacy issues have come to light surrounding the service such as how its iOS app was found to be sending data to Facebook without explicit user consent. Thankfully Zoom recently removed the code that was sending data to the social network.
Additionally a new report from Bleeping Computer revealed that it is possible for hackers to steal passwords through Zoom’s Windows client.
- We’ve also highlighted the best VPN services