
Increased Security Creates a Safe Space for Zoom Meetings
Zoom video conferencing software announced that the rollout of end-to-end (E2EE) encryption will begin next week. This increase in security is good news for all Zoom users and their video conferences, voice calls, meetings, and classes.
Starting next week, meeting hosts will be able to opt into E2EE for each call.
Zoom is a popular video conferencing software that facilitates online group meetings, classes, and conversations. The company offers free and paid subscription services.
“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” said Zoom CEO Eric S. Yuan.
Zoom has almost 13 million monthly active users. That’s an incredible 21% increase this year. The popularity of the video conferencing platform skyrocketed at the beginning of the COVID-19 pandemic when schools and workplaces were forced to close.
Cybercriminals used the sudden growth to target video platforms. In May, RAT malware was disguised as a Zoom installer.
How to Use Zoom End-to-End encryption
An encrypted meeting starts when the host enables Zoom end-to-end encryption at the beginning of each meeting. All participants must also opt in.
- Hosts enables E2EE at the account, group, and user level
- All participants must have E2EE enabled to join any E2EE meeting
MS Office 365 Phishing Campaign Targets Corporate Zoom Users
A green shield and padlock logo in the upper left corner of a meeting screen indicate a meeting is using E2EE. In July, a phishing attack targeted corporate Zoom users in an attempt to steal Microsoft Office 365 credentials.
Zoom isn’t the only video conferencing platform targeted by cybercriminals. Skype was also targeted in a campaign to steal Office 365 credentials. Microsoft Teams users were also targeted in a phishing attack.
But not all of Zoom’s issues were phishing attacks. A security bug allowed hackers to access Mac webcams had to be quickly patched in July.
End-to-end encryption prevents cybercriminals from intercepting conversations, videos, chats, or other data sent during meetings. In order to facilitate end-to-end encryption, no third party (including Zoom itself) should be able to access encryption keys. With Zoom’s increased security, conversations will be secured and even Zoom won’t be able to decrypt them.
Under the current security policy, Zoom’s cloud service generates and maintains meeting encryption keys. With end-to-end encryption the encryption keys are generated from the host and are accessible with Zoom.
Earlier this year, the platform added two-factor authentication (2FA) for all users – free and paid – after a series of privacy breaches. Numerous reports of classes and meetings being invaded by uninvited attendees raised alarm for parents and teachers.