As the UK and other countries grapple with the realities of life under lockdown, video conferencing apps have become pretty essential.
There are plenty of different apps vying for users but Zoom has emerged as one of the most-used. But after revelations it was sending background user data to Facebook, it now seems that Zoom’s encryption isn’t exactly what it said it was.
According to a report from The Intercept, Zoom’s video meetings are not end-to-end (E2E) encrypted as the company states on its website.
‘Currently, it is not possible to enable E2E encryption for Zoom video meetings,’ a spokesperson told the site.
Instead, the company has TLS encryption in place. This is essentially what browsers use to secure HTTPS websites and it means that data is encrypted between users and Zoom’s servers. But that’s different from ‘end-to-end’ encryption which protects all content shared between users from the company providing the service.
‘When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,’ the company told The Intercept.
‘Content is not decrypted as it transfers across the Zoom cloud.’
Further adding to the confusion is that the company says the in-meeting chat does support E2E as Zoom doesn’t have the key to unlock those messages.
If it makes you feel any better, Zoom says it only collects data about meetings to help it improve its service. Things like IP addresses, OS details and which device you use. It also says it doesn’t let employees access the contents of meetings or sell any user data of any kind on to third parties.
Whether or not you’re bothered about Zoom’s security credentials, there are some steps you should take if you use the software to make things as private as you can.
‘Video conferencing is a fantastic necessity in times like these but it is vitally important to understand the security and privacy concerns that go in parallel with this increasingly popular form of communication,’ explained Jake Moore, a cybersecurity specialist at ESET.
‘For social and light business meetings they are fine as long as users realise what data is being shared by Zoom to third parties. I certainly wouldn’t recommend using free software for sensitive or private meetings,’ he told Metro.co.uk.
‘Other end-to-end encrypted video platforms exist and offer more privacy based communications. If you continue to use Zoom, make sure you check the settings and make good use of what they offer – for example, do not share the link or the meeting ID on public platforms as others may “zoombomb” the meeting.
‘Make sure you use the virtual waiting room, add a meeting password, and try to set screen sharing to “host only” where possible.’
In the midst of these security concerns, Downing Street has published pictures of Prime Minister Boris Johnson using the app to continue holding Cabinet meetings with senior MPs – where sensitive information like matters of national security are discussed – while observing rules on social distancing to curb the coronavirus outbreak.
But MoD staff were told that use of the software was being suspended with immediate effect while ‘security implications’ were investigated, with users reminded of the need to be ‘cautious about cyber resilience’ in ‘these exceptional times’.
One source commented that ‘it is astounding that thousands of MoD staff have been banned from using Zoom only to find a sensitive Government meeting like that of the Prime Minister’s Cabinet is being conducted over it’.
A message to MoD staff said: ‘We are pausing the use of Zoom, an internet-based video conferencing service, with immediate effect whilst we investigate security implications that come with it.’
The email added that a decision will then be made about whether to continue using the programme.
A Government spokesperson said: ‘In the current unprecedented circumstances the need for effective channels of communication is vital. NCSC (National Cyber Security Centre) guidance shows there is no security reason for Zoom not to be used for conversations below a certain classification.’
Coronavirus latest news and updates
- Visit our live blog for the latest updates: Coronavirus news live
- Read all new and breaking stories on our Covid-19 news page
- Coronavirus symptoms explained
- Find out the latest on which shops can stay open in a lockdown
- Who needs to go to work, who needs to stay at home and who is classed as a key worker?
Source: Read Full Article