Zoom Acquires Keybase Bolstering Its Security Chops To Protect Video Conferences
Zoom is a video conferencing platform that has seen impressive growth during the coronavirus pandemic as it has been widely adopted by schools and businesses to support people working and learning from home. Zoom today announced the acquisition of Keybase, noting that this is part of its 90-day plan to strengthen the security of the video communications platform. Keybase launched in 2014 and is a secure messaging and file-sharing service that uses "deep encryption and security expertise."
The Keybase team will be integrated into the Zoom family to help build end-to-end encryption that reaches the scalability needed for the platform. The video conferencing platform says that its goal is to provide the most privacy possible for every use case while balancing the needs of users with its commitment to prevent harmful behavior on the platform. Zoom currently uses encryption for all its clients, and content is encrypted via each sending device and only decrypted when it reaches the recipient device.
The most recent client release, Zoom 5.0, supports encrypting content using industry-standard AES-GCM with 256-bit keys. Currently, encryption keys for each meeting are generated by Zoom servers. The company also notes that some features widely used by clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require some of the encryption keys to be kept in the cloud.
"In the near future," Zoom plans to offer an end-to-end encrypted meeting mode to all paid accounts. In this scenario, logged-in users will generate public cryptographic identities stored in a repository on the Zoom network, which is used to establish trust relationships between meeting attendees. The end-to-end encrypted meetings won't support phone bridges, cloud recording, or non-zoom conference room systems. All encryption keys will be "tightly controlled" by the host, who will admit meeting attendees.
Zoom says that it believes the system will provide the equivalent or better security than existing consumer end-to-end encrypted messaging platforms. Currently, Zoom plans to publish a detailed draft cryptographic design on May 22, followed by hosted discussions where it will share more detail and solicit feedback from industry experts. All feedback will be integrated into the final design and eventually be deployed to users.
In other Zoom news, it admitted to misleading the public with a recent claim of 300 million daily active users.