Zoom adds post-quantum end-to-end encryption to video meetings


Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon.

Meetings is a popular video conferencing service that allows users to host and join virtual meetings with high-definition video and audio, featuring screen sharing, chat, and participant management, making it a popular choice for businesses, virtual events, and online classes.

Today, Zoom has announced the introduction of the Kyber768 quantum-resistant encryption to its already encrypted end-to-end communications, which makes all data traveling between its servers and clients undecipherable even by advanced quantum computers.

“When users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting; this is the behavior for both post-quantum E2EE and standard E2EE,” reads Zoom’s announcement.

“Because Zoom’s servers do not have the necessary decryption key, encrypted data relayed through Zoom’s servers is indecipherable.”

Although such systems are still in their infancy, the sector is progressing steadily, and experts believe it’s only a matter of time before powerful enough quantum computers render all conventional encryption schemes obsolete.

The risk of staying behind lies in the so-called “harvest now, decrypt later” attacks that involve bad actors intercepting and storing encrypted data of important communications today in the hopes of being able to decrypt it in the future when more powerful computers are available.

Zoom says the introduction of quantum-resistant algorithms today addresses this risk, inspiring confidence in users that they can continue using the software without compromising security.

This is the same proactive approach that several other communication platforms have taken recently, including Signal, Apple iMessage, Tuta Mail, and even Google Chrome, all utilizing the same NIST-recommended Kyber key encapsulation algorithm.

Zoom was heavily criticized in the past for its lack of end-to-end encryption while it enjoyed a meteoric rise in popularity and deployment in corporate environments during the COVID-19 era when large swaths of the workforce were pushed to work remotely.

The company added E2EE to Meetings in 2020, with Zoom Phone following in 2022. This time, Zoom says it’s the first unified communications as a service (UCaaS) provider to offer quantum-resistant video conferencing, showing the company’s intention to assume a leading role in the field.

For more information on which versions and platforms of Zoom Workplace support post-quantum E2EE, users can visit this page.



Source link