As the pandemic forced people worldwide to work and study from their homes, the video conferencing application Zoom gained massive popularity.
Unfortunately, the stardom was short-lived, as a handful of security flaws in the application came to light. Zoom’s CEO himself admitted that none of the video calls are encrypted. As a result, many organizations, including Google, banned their employees from using the application for work-related calls.
To be clear, Zoom’s meetings were protected by AES 256-bit GCM encryption. So, your text, video, and audio were safe from snooping while in transit. However, these encryption keys were generated on Zoom’s servers, and attackers could target those servers to snoop on users. On the other hand, if a meeting has end-to-end encryption protection, only participants will have these keys.
If you’re a free user, to use end-to-end encryption, you’ll have to first verify yourself through two-factor authentication using a code sent to your phone via SMS.
In this preview stage, if you enable end-to-end encryption for your meeting, you won’t be able to use features such as joining before the host, cloud recording, streaming, live transcription, breakout rooms, polling, and 1-on-1 private chat. And while Zoom can host up to 1,000 participants on an enterprise plan, the end-to-end encryption feature will be limited to meetings with up to 200 participants.
Zoom says that this feature will be in the beta phase for 30 days to collect feedback from users. The company is planning to roll out the second phase of end-to-end encryption (out of four planned phases) with better identity management.