rwt-as logo
Story image

Zoom buys encryption startup in its first-ever acquisition

Zoom has today announced its first-ever acquisition - absorbing Keybase, an end-to-end encryption and secure messaging platform.

The video conferencing company’s inaugural acquisition indicates its intention to correct its record on privacy and security, which has drawn sharp criticism in the months where its service has seen unprecedented growth during the COVID-19 pandemic.

Terms of the deal were not disclosed.

In a blog post written by Zoom CEO Eric Yuan, the company says it intends to leverage Keybase’s deep encryption and security expertise to help Zoom build its own end-to-end encryption.

“This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses,” says Yuan. 

“Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behaviour on our platform.

“Keybase’s experienced team will be a critical part of this mission.”

The acquisition represents the latest move by Zoom in its 90-day plan it announced at the beginning of April to improve its security flaws.

In late April, the company announced Zoom 5.0, which provided ‘robust’ enhancements to its security and privacy protocols, including industry-standard AES-GCM encryption with 256-bit keys.

Zoom says the acquisition announced today will take privacy further – in the ‘near future’, Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. 

“Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” says Yuan.

“An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,” he says.

“The cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting.”

However, end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. 

Zoom says it will not monitor meeting contents, but its safety team will continue to look for evidence of abusive users.

It also pledges not to build a mechanism to decrypt live meetings for lawful intercept purposes. 

Yuan says Zoom does not have a means to insert its employees or others into meetings without being reflected in the participant list, and will not build any cryptographic backdoors to allow for the secret monitoring of meetings.

Story image
Microsoft launches program to help people with disabilities excel in tech
Microsoft wants to help people with disabilities excel in their technology careers, which is why it has launched a first-of-its-kind pilot program to achieve those goals.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Link image
How to leverage backup best practices to repel ransomware
Here's how a ransomware kit with a whitepaper, webinar and 30 day free trial can help your business effectively prevent, detect and restore from a ransomware attack.More
Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Hands-on review: The 2020 iMac is as 'pro' as desktops can get
This year’s iMac is a beast. It ticks all boxes from design to display, internals, camera, mic and speakers. It even has the Apple T2 Security Chip for additional security.More