Zoom update to add end-to-end encryption to stop conversations being intercepted amid privacy concerns

Company previously indicated chats that were secured – but analysis showed they were not

Zoom will finally add end-to-end encryption to stop messages being intercepted as they are sent.

The company had previously suggested that its chats were protected with the technology – but further analysis showed that it was weaker than expected.

Now the company has committed to increase its security protections after buying a secure messaging and file-sharing service.

The video-conferencing platform has acquired Keybase, an encrypted messaging platform for an undisclosed fee.

Zoom said it would use Keybase engineers joining the company to help it build end-to-end encryption into its video platform as part of an ongoing pledge to improve the firm's security features.

Zoom had been criticised for previously suggesting on its website that it used end-to-end encryption when in fact it did not.

At the beginning of April, the company revealed it had suspended all other product development to focus on security features after a number of concerns were raised about safety on the service as it gained millions of new users during the coronavirus lockdown.

A 90-day programme to improve Zoom's security settings was then launched by the firm.

On the promise to introduce end-to-end encryption, Zoom chief executive Eric Yuan said: "There are end-to-end encrypted communications platforms. There are communications platforms with easily deployable security. There are enterprise-scale communications platforms. We believe that no current platform offers all of these.

"This is what Zoom plans to build, giving our users security, ease of use, and scale, all at once.

"The first step is getting the right team together. Keybase brings deep encryption and security expertise to Zoom, and we're thrilled to welcome Max (Krohn, Keybase co-founder) and his team.

"Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts."

Zoom said its intention is to offer end-to-end encryption meetings to all paid account users.

"We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world's largest enterprises," the firm said.

Industry expert Tim Mackey, principal security strategist at Synopsys' Cybersecurity Research Centre (CyRC), said Zoom's announcement appeared to be a positive step.

"Zoom's acquisition of the Keybase team allows it to lay the foundation for what's known as end-to-end encryption within their platform," he said.

"This looks like proper end-to-end encryption, but of course the devil is in the details so the implementation will be the true test.

"For normal users, the addition of end-to-end encryption should be viewed as enhancing the overall security of their meetings.

"With recent examples of inappropriate accesses to meetings on the conferencing platforms, this end-to-end encryption helps ensure that any potential for a meeting to be intercepted or for someone to otherwise 'hack' into a meeting are minimised."

Additional reporting by agencies

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments