Zoom has acquired the secure messaging and file-sharing service Keybase in a bid to further strengthen the security of its video communications platform by drawing on Keybase’s deep encryption and security expertise.
Zoom will integrate Keybase’s team into the Zoom family to help it build end-to-end encryption that works at Zoom’s current scale and to help it grow its market share.
This acquisition comes a few weeks after Zoom experienced some privacy and security issues last month. The firm then issued a security update that gives users options to add and remove participants, restrict screen sharing, and chat in meetings.
Before the update, the privacy issues included Zoom’s default settings, which did not encourage passwords for meetings and allowed participants to share their screens. The randomly generated user ID numbers were also easy to guess, allowing anyone to join any meeting. Another issue was the Zoombombing phenomenon, where pranksters would join Zoom calls and broadcast crafty videos or even pornographic content.
“Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. Keybase’s experienced team will be a critical part of this mission,” announced the firm.
Audio and video content flowing between Zoom clients (e.g., Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device. It is not decrypted until it reaches the recipients’ devices. Zoom’s recent 5.0 release supports encrypting content using industry-standard AES-GCM with 256-bit keys. However, the encryption keys for each meeting are generated by Zoom’s servers.
Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees. An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs, and rotated when there are significant changes to the list of attendees. The cryptographic secrets will be under the control of the host, and the host’s client software will decide which devices are allowed to receive meeting keys and thereby join the meeting. Zoom says it is also investigating mechanisms that would allow enterprise users to provide additional levels of authentication.
These end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host. Encryption keys will be tightly controlled by the host, who will admit attendees.
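The host-side key handling described above (a per-meeting symmetric key enveloped to each attendee's public key and rotated when the attendee list changes) can be sketched as follows. This is an added illustration, not Zoom's or Keybase's code: the X25519, HKDF-SHA256 and AES-256-GCM wrapping scheme, all function names and the alice/bob roster are assumptions made for the example.

```javascript
// Added illustration, not Zoom's or Keybase's implementation.
// Assumed scheme: X25519 key agreement, HKDF-SHA256, AES-256-GCM key wrapping.
const crypto = require('crypto');

// A logged-in user's long-term identity (the public half would sit in the repository).
const newIdentity = () => crypto.generateKeyPairSync('x25519');

// Derive a 256-bit key-wrapping key from an X25519 shared secret.
function wrapKeyFor(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

// Host side: envelope the meeting key for one attendee with a fresh ephemeral key pair.
function envelope(meetingKey, attendeePublicKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrapKeyFor(eph.privateKey, attendeePublicKey), iv);
  const ct = Buffer.concat([c.update(meetingKey), c.final()]);
  return { ephPub: eph.publicKey, iv, ct, tag: c.getAuthTag() };
}

// Attendee side: recover the meeting key; throws if the envelope is for another identity.
function open(env, attendeePrivateKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrapKeyFor(attendeePrivateKey, env.ephPub), env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]);
}

// Host side: fresh per-meeting key, enveloped for every admitted attendee.
// Calling it again after the roster changes is the rotation step.
function distribute(roster) {
  const meetingKey = crypto.randomBytes(32);
  const envelopes = new Map();
  for (const [name, publicKey] of roster) envelopes.set(name, envelope(meetingKey, publicKey));
  return { meetingKey, envelopes };
}

// Constructed scenario: the host admits alice and bob, then removes bob and rotates.
function demo() {
  const alice = newIdentity(), bob = newIdentity();
  const first = distribute(new Map([['alice', alice.publicKey], ['bob', bob.publicKey]]));
  const bobOld = open(first.envelopes.get('bob'), bob.privateKey);
  const second = distribute(new Map([['alice', alice.publicKey]]));
  const aliceNew = open(second.envelopes.get('alice'), alice.privateKey);
  let bobCanOpenNew = true;
  try { open(second.envelopes.get('alice'), bob.privateKey); } catch { bobCanOpenNew = false; }
  return { bobHadOld: bobOld.equals(first.meetingKey), aliceHasNew: aliceNew.equals(second.meetingKey),
           rotated: !first.meetingKey.equals(second.meetingKey), bobCanOpenNew };
}
```

Because the host never envelopes the rotated key to a removed attendee, that attendee's earlier key stops being useful for traffic sent after the change. Whoever can substitute a public key in the identity repository can receive meeting keys, which is why the trust relationships between attendees matter.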
“We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world’s largest enterprises,” said the firm.