Video conferencing has been one of the ways for conducting meetings earlier, but now the times have changed. As the COVID 19 lockdown has pushed people into staying indoors and people have been asked to work from home. The work from home conditions have made meetings go virtual and people have started using video conferencing apps as a tool to keep their works on track. But, these apps require access to a lot of apps in our system and they have the responsibility to safeguard the user’s information. Zoom is a large enterprise and widely used at present. Thus, as a step towards giving users a secured experience Zoom Video Conferencing has acquired Keybase. Zoom has an encryption system now but it needs improvement to provide end-to-end encryption in the near future.
Cyble, a cybersecurity intelligence firm (amibreached.com) told portals that it has been finding free Zoom accounts being posted on hacker forums for popularity. After finding accounts being posted in bulk, the company went ahead and bought the accounts to caution their customers. Cyble was able to purchase approximately 530,000 Zoom credentials for less than a penny per account. This brought humongous criticism to the Zoom.
Keybase joins Zoom
Keybase is a company that works to provide end-to-end encryption.It is a key directory that maps socialmedia identities to encryption keys in a publicly-auditable manner. It is one of the encryption products used by companies. Keybase is an encrypted social-networking service provider, currently owned by Zoom Video Communications. It was created by Chris Come, Max Krohn, and their team. The network currently enjoys some 400k users.
On May 7, 2020, Zoom officially acquired Keybase as part of Zoom’s drive to keep their information secure and safe and to introduce an end-to-end encrypted meeting mode.
Zoom to allow disable PMI option
PMI or Personal meeting Ids are automatically assigned to the user once he signs up and a personal meeting room is created. This PMI is a part of the URL that we possess. Now, this can be a threat to one’s privacy as anyone can join a particular meeting if they have the link as the PMI remains the same.
Therefore, Zoom has now launched a new feature using which users can disable their PMI. Disabling the PMI solves the problem immediately. This option is available at an individual as well as a group level.
Once the PMI gets disabled users are prompted with a message that “PMI is disabled” who have been accessing it. All the previous meetings scheduled will be invalid and have to be rescheduled or updated. The user needs to delete any meeting scheduled using the PMI, schedule a new one, and send out new invitations, and keys are distributed to the participants.
No new change is acquired by the scheduling of the meeting but just now there won’t be any particular ID but a randomly generated ID. Also, there is no personal meeting room.
This option helps companies and meeting organizers that want extreme security and do not want to take any chances in compromising with security. These are designed to satisfy customers who prefer security over compatibility. But, people who wish to use the personal links are also provided with features to be secure. All meetings can be secured by these features: require a password to join meeting, enable waiting room, require only authenticated people to join, disable join feature before host, lock the zoom meeting once started, and mute/unmute participants.
Zoom Encryption now and in the future
Zoom is used by 300 million users daily on an average. The teaming up of Zoom and Keybase is to provide security to the users. Zoom is planning to achieve it by a 90-day end to end encryption plan.
The message sent is encrypted at client and server each side. It is not decrypted until it reaches to the end user’s device. With the recent Zoom v5.0 release, Zoom client now supports content enccryption using industry-standard AES-GCM with 256 bit keys, as proposed by the zoom.
Zoom has been working on developing end-to-end encryption for video conferences since it was severely criticized for incorrectly making its calls appear to be fully encrypted. In the near future, Zoom’s all paid users have been provided with an end to end encryption facility. People hosting meetings will be given temporary IDs and they are required to share it through invitations. These are cryptographic identities.
Zoom Encryption Support
These encrypted meetings do not support phone bridges, non-zoom room conferencing, or cloud recordings. The encryption is completely done by the hosts. The company aims at providing privacy as well as to protect its users from any possible harm. They have proposed a set of steps that they are going to take further to ensure this. There will be reporting mechanisms available for the hosts to remove attendees they desire to. They won’t be monitoring everything in the meeting but the security team would be having some automated tools to find and catch abusive users. Live meetings will not be decrypted. No employee from the team will be able to join any meetings. A more detailed cryptographic design draft is expected to be published by the company.