sb-au logo
Story image

Zoom buys encryption startup in its first-ever acquisition

Zoom has today announced its first-ever acquisition - absorbing Keybase, an end-to-end encryption and secure messaging platform.

The video conferencing company’s inaugural acquisition indicates its intention to correct its record on privacy and security, which has drawn sharp criticism in the months where its service has seen unprecedented growth during the COVID-19 pandemic.

Terms of the deal were not disclosed.

In a blog post written by Zoom CEO Eric Yuan, the company says it intends to leverage Keybase’s deep encryption and security expertise to help Zoom build its own end-to-end encryption.

“This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses,” says Yuan. 

“Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behaviour on our platform.

“Keybase’s experienced team will be a critical part of this mission.”

The acquisition represents the latest move by Zoom in its 90-day plan it announced at the beginning of April to improve its security flaws.

In late April, the company announced Zoom 5.0, which provided ‘robust’ enhancements to its security and privacy protocols, including industry-standard AES-GCM encryption with 256-bit keys.

Zoom says the acquisition announced today will take privacy further – in the ‘near future’, Zoom will offer an end-to-end encrypted meeting mode to all paid accounts. 

“Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” says Yuan.

“An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,” he says.

“The cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting.”

However, end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. 

Zoom says it will not monitor meeting contents, but its safety team will continue to look for evidence of abusive users.

It also pledges not to build a mechanism to decrypt live meetings for lawful intercept purposes. 

Yuan says Zoom does not have a means to insert its employees or others into meetings without being reflected in the participant list, and will not build any cryptographic backdoors to allow for the secret monitoring of meetings.

Link image
What's new in Genetec Security Center 5.9
The platform supports physical security that empowers organisations with greater situational awareness.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More
Link image
Why it's crucial to normalise proper security training for remote working
Knowing and implementing best practices for remote security can save money, time and headaches. It starts with a quality solution to safeguard the workforce.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More