CyberInsider

Reliable cybersecurity news and resources

General

Guides

About

Cyber Insider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Zoom Adds Post-Quantum End-to-End Encryption for Zoom Meetings

By Leave a Comment
\"Zoom

Zoom Video Communications has announced the global rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, positioning itself as the first UCaaS provider to offer this advanced security feature.

Zoom Video Communications, commonly known as Zoom, is a technology company that provides video conferencing, online meetings, chat, and mobile collaboration services through its proprietary software, Zoom Meetings.

In an announcement today, Zoom revealed the introduction of post-quantum E2EE for Zoom Workplace, starting with Zoom Meetings and promising to extend the feature to Zoom Phone and Zoom Rooms soon.

This proactive measure ensures user data remains secure against future quantum computing threats, but also addresses concerns about existing risks such as \”harvest now, decrypt later\” scenarios. Attackers might capture encrypted data today, intending to decrypt it later using quantum computers. While such powerful quantum computers are not yet capable enough or widespread, Zoom\'s adoption of post-quantum E2EE prepares for this eventuality.

Zoom\'s Chief Information Security Officer, Michael Adams, emphasizes the company\'s dedication to security, noting the increasing use of E2EE since its launch for Zoom Meetings in 2020 and Zoom Phone in 2022.

\”With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected,\”

Michael Adams

When E2EE is activated, only the meeting participants possess the encryption keys, ensuring that any data transmitted via Zoom\'s servers remains unreadable. This applies to both standard and post-quantum E2EE. To address \”harvest now, decrypt later\” threats, Zoom utilizes the Kyber 768 algorithm, which the National Institute of Standards and Technology (NIST) is standardizing as the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.

Zoom has taken massive strides since the controversial early 2020 times when it experienced a significant surge in popularity during the COVID-19 pandemic, seeing its userbase explode from 10 million to 300 million daily video participants.

Back then, the platform was severely criticized for lack of data security and privacy, \”Zoom-bombing\” incidents, false end-to-end encryption claims, and an abundance of easily exploitable vulnerabilities.

Zoom has continued to improve its security measures and expand its service offerings, and today, it is the first provider of video communications to offer post-quantum encryption resistance, following in the footsteps of Signal, iMessage, and Tuta Mail.

Further reading:

About Alex Lekander

Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.

Reader Interactions

Comments

  1. BITR

    Zoom “is the first provider of video communications to offer post-quantum encryption resistance, following in the footsteps of Signal, iMessage, and Tuta Mail.”
    Do these platforms or yourself see by a crystal ball the trouble in trusting technology today given the facts we need to understand?
    Nothing digital can be made 100% secure, any online company can only protect your data best as technically possible inso going that far, most won’t go there!

    In principle, a non-quantum (classical) computer can solve the same computational problems as a quantum computer, given enough time.
    Quantum advantage comes in the form of time complexity rather than computability, and quantum complexity theory shows that some quantum algorithms for carefully selected tasks require exponentially fewer computational steps than the best known non-quantum algorithms.

    See
    In a 1984 paper, Charles Bennett and Gilles Brassard applied quantum theory to cryptography protocols and demonstrated that quantum key distribution could enhance information security.
    Quantum computing
    [https://en.m.wikipedia.org/wiki/Quantum_computing]

    In its short history see the who’s who lineup.
    OpenAI
    [https://en.m.wikipedia.org/wiki/OpenAI]

    Others believe that humans will evolve or directly modify their biology so as to achieve radically greater intelligence.[3
    The first generally intelligent machines are likely to immediately hold an enormous advantage in at least some forms of mental capability, including the capacity of perfect recall, a vastly superior knowledge base, and the ability to multitask in ways not possible to biological entities. This may give them the opportunity to—either as a single being or as a new species—become much more powerful than humans, and to displace them.[
    Superintelligence
    [https://en.m.wikipedia.org/wiki/Superintelligence]

    Part of the discipline thus seeks a systematic and pattern-based understanding of past and present, and to explore the possibility of future events and trends.
    Futurology
    [https://en.m.wikipedia.org/wiki/Futures_studies]

    Personal data is data that can single a person out (on their own or in combination with other data), without an unlikely degree of effort or expense or technological development. The GDPR definition of “personal data” includes any data that can indirectly contribute to singling out an individual, including unique IDs codes, certain types of IP addresses, and encrypted data that one can decrypt without disproportionate effort. But data that are entirely impossible to access are not personal data.

    Reply

    • BITR

      Then consider, TRAPWIRE
      TrapWire is an American software and services company focused on risk mitigation and threat detection.
      The company was founded in 2004 by Richard “Hollis” Helms as a division of Abraxas Corporation, a company formed by C.I.A. officers.
      Helms is the former head of the C.I.A’s European division.
      According to company documents, the first deployment of the TrapWire system appears to have occurred in 2007 and was originally built and deployed to protect US critical infrastructure. The system currently provides physical security and threat detection services to more than 2,000 public and private sector sites across the US. The system is being used to identify threats ranging from terrorism to organized crime, human trafficking, fraud and Crimes Against Children.

      TrapWire does not list its clients online; however, a review of publicly available documents indicates the firm’s clients include, among others, the US military, state and local law enforcement, Fusion Centers, financial institutions, transportation hubs, energy sites, and the hospitality and gaming industry. For example, The Texas Monitor claimed that TrapWire formed an increasing size of contract with Texas.

      As well remember, the FBI’s cyber-division is it’s fastest growing branch monitoring facebook, twitter and the like for any types of cybercrime.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *