Zoom expands end-to-end encryption for Phone and breakout rooms

Credit to Author: Charlotte Trueman| Date: Fri, 22 Jul 2022 03:44:00 -0700

Zoom has announced it is expanding end-to-end encryption (E2EE) capabilities to Zoom Phone, with breakout rooms to be given the same level of encryption in the near future.

Zoom Phone customers now have the option to upgrade to E2EE during one-on-one Zoom Phone calls between users on the same Zoom account that occur via the Zoom client.

During a call, when users select “More” they will see an option to change the session to an end-to-end encrypted phone call. When enabled, Zoom encrypts the call by using cryptographic keys known only to the devices of the caller and receiver. Users will also have the option to verify E2EE status by providing a unique security code to one another.

In order for a Zoom Phone call to be end-to-end encrypted, users will need the account admin to enable E2EE via the web portal. Callers will need to be on the same Zoom account and can only make one-to-one phone calls. Furthermore, both callers must use the Zoom Phone desktop or mobile client, and both callers will need to have automatic call recording turned off. Public switched telephone networks (PSTN) are not supported.

End-to-end encryption for breakout rooms within larger meetings will eventually see users offered the same experience as a standard E2EE meeting, except each breakout room gets its own unique meeting encryption key.

You can use this feature when you need to add an extra layer of security to important, private conversations, or just want to get certain people together during an E2EE meeting.

Account owners and admins can enable end-to-end encryption for meetings, which then requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms. Currently, turning on E2EE in a Zoom meeting disables a number of in-meeting features, including live streaming, live transcription, polling, and breakout rooms.

At the start of the COVID-19 pandemic, Zoom came under fire after falsely claiming that its video calls were protected by E2EE. As a result of this inaccuracy, alongside a number of other security flaws that were uncovered, CEO Eric Yuan announced that the company would halt development of new features for 90 days to concentrate on its security efforts.

Zoom eventually started rolling out end-to-end encryption for meetings in October 2020.

http://www.computerworld.com/category/security/index.rss