Video conferencing service, Zoom’s security woes have been exposed and well documented lately. With heavy reliance nowadays being on such services it’s no surprise why this is. Zoom’s security issues have become so bad that Facebook decided to make a play and provided even more competition with the recent introduction of Rooms.
Seeking to put this right and effectively offer end-to-end encryption, Zoom has seemingly reacted by acquiring Keybase, a provider of secure messaging and file-sharing. Keybase staff will help build an end-to-end encryption system for Zoom’s video conferencing service. This will however only be available on paid options.
The announcement came on Thursday, following weeks of numerous calls for the platform to be more secure by its various users globally. Making things worse, Zoom also admitted that it wasn’t offering full encryption as previously advertised. One of the main flaws with Zoom’s system is how the encryption keys are generated and stored on the company’s servers.
Looking to specifically fix this, Zoom is creating an end-to-end system that will generate the encryption keys to video sessions from the meeting host’s computer — not from a company server. “This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,” the company said in its original announcement. “The cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting.”
“We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises,” the company added.
Zoom plans on publishing more details about the end-to-end encryption implementation on May 22, with the goal of getting feedback from the security community and customers. “Once we have assessed this feedback for integration into a final design, we will announce our engineering milestones and goals for deploying to Zoom users,” the company said.
This one however is not exactly a straightforward deal as the fate of Keybase’s existing products is a bit sketchy. In their own blog post, Keybase mentioned: “Initially, our single top priority is helping to make Zoom even more secure. There are no specific plans for the Keybase app yet. Ultimately Keybase’s future is in Zoom’s hands, and we’ll see where that takes us.”
The fate of Keybase’s existing products is also a bit murky. In an another post, Keybase said: “Initially, our single top priority is helping to make Zoom even more secure. There are no specific plans for the Keybase app yet. Ultimately Keybase’s future is in Zoom’s hands, and we’ll see where that takes us.”
Further complicating things is the fact that not all Keybase users are happy with the move, pointing to Zoom’s repeated stumbles managing the video conferencing service’s security. “This is good for Zoom users, probably. They could use your expertise. (But) this is awful for Keybase users. Just deleted my account,” tweeted one user. “They (Zoom) have proven time and time again they can’t be trusted for calls, can’t expect me to trust them with a security product.”
How this one works out we’ll have to see, at the very least the company is now doing something to address its much aligned security problems. How do you see this one working out? Good move or not especially considering the various complexities involved? Let us know what you think in the comments below.