Popular video-chat service Zoom announced new end-to-end encryption software for both free and paid users.
“We’re very proud to bring Zoom’s new end-to-end encryption to Zoom users globally today. This has been a highly requested feature from our customers, and we’re excited to make this a reality. Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months,” said Zoom CISO Jason Lee.
The new encryption software is called E2EE and is being offered as a technical preview. Zoom will explicitly look for customer feedback within the first 30 days of the launch.
The new service allows users to secure their meetings so that only they, not Zoom or anyone else, can access the content. This security means that no one else besides the meeting participants can access the call and see and hear what is discussed, which is vital for secure business calls during the pandemic.
“With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public-key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key,” announced the company in a press release.
According to The Verge, E2EE is supported across Zoom’s Mac, PC, iOS, and Android apps, as well as Zoom Rooms, but not for the company’s web clients or third-party clients that use the Zoom SDK.
Zoom usage has soared during the coronavirus pandemic, becoming many businesses’ and schools’ go-to service. The service had 300 million daily users in April 2020, up from 10 million in December 2019.
With all the additional users came some issues for the Zoom platform, primarily security concerns. Many users were victims of “zoombombing,” when hackers invade an online meeting and show violent imagery or pornography. The incidents led to concerns over the service’s privacy policies.
Two classes at UCLA were victims of zoombombing in early October. The attackers called out victims’ appearances and launched racial and homophobic slurs at the students.
The fallout from similar instances even prompted Zoom’s CEO, Eric Yuan, to make a public apology to users over the issues facing the service.
With all the security concerns and unfortunate incidents, end-to-end encryption was a much-needed addition to the growing platform.
Zoom previously offered its users a form of encryption that was not end-to-end, only encrypting between each meeting participant and Zoom’s servers.
To enable the new Zoom encryption feature, users can find the step by step instructions in the Zoom help center.
Once the E2EE feature is enabled, users can verify their Zoom call uses the more secure kind of encryption by using the green shield at the top left of a meeting window. The shield will show a padlock rather than a checkmark if the meeting is encrypted end-to-end.
In addition to the new feature not being available to third-party clients, Zoom users who want the new feature will need to be updated to Zoom 5.4 or later on Windows, macOS, Linux, Android, or iOS. The E2EE is also limited to Zoom calls with 200 or fewer participants.
The new feature is also not compatible with other existing features on Zoom. E2EE does not allow cloud recording, live transcription, polling, meeting reactions, and join before host features. Additionally, meeting participants cannot join using their telephone, SIP/H.323 devices, on-premise configurations, Lync, or Skype.
While the new feature is available to both paid and free users, the free users must have a valid billing option associated with their account and verify their phone number using SMS.
The rollout for the feature will come in four stages. According to The Verge, the next phase of the rollout process is scheduled to launch next year and will include better identity management and support for single sign-on.