Zoom calls are not end-to-end encrypted, even though it says they are

(Image credit: Shutterstock)
Audio player loading…

Zoom Video Communications has seen usage of its video conferencing service spike as a result of the coronavirus but a new report from The Intercept (opens in new tab) has shed light on the fact that its claim that its meetings have end-to-end encryption are not true.

On its website and in a security-related white paper, the US-based video conferencing company boasts about end-to-end encryption. However, The Intercept discovered that the service actually uses transport encryption instead.

Transport encryption is a Transport Layer Security (TLS) protocol which secures the connection between a user and the server they are connected to. TLS is also used to help secure connections between users and any website they visit with HTTPS protocol.

Dashlane Password Manager, now with a free VPN
Dashlane Premium (opens in new tab)

Make careless data decisions history with our dark web monitoring and alerts. Get Dashlane for seamless, private 'interneting' with 2FA (two-factor authentication) by default. Your privacy matters to us‎ so that’s why there's no limit on devices or passwords stored or shared.

However, the main difference between transport encryption and end-to-end encryption is that while others won't be able to access your data, Zoom will still be able to.

End-to-end encryption

In a statement to The Intercept, a Zoom spokesperson revealed that the service is unable to provide end-to-end encryption at the moment, saying:

“Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

Basically the company clarified that its use of the phrase “end-to-end” in its white paper is in reference to the connection being encrypted between Zoom endpoints. This means that other people can't access the data shared during Zoom video calls but the company itself still can.

Despite its recent surge in popularity, a number of privacy issues have come to light surrounding the service such as how its iOS app was found to be sending data to Facebook without explicit user consent. Thankfully Zoom recently removed the code that was sending data to the social network.

Additionally a new report from Bleeping Computer revealed that it is possible for hackers to steal passwords through Zoom's Windows client.

  • We've also highlighted the best VPN services

Via TNW (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.