An analysis of Zoom’s encryption scheme, published on Friday by Citizen Lab at the University of Toronto, shows that Zoom does generate and hold all keys itself on key management systems. The report notes that most of Zoom’s developers are based in China, and that some of its key management infrastructure is in that country, meaning keys used to encrypt your meetings could be generated there. It’s also unclear how Zoom generates keys and whether they’re adequately random or might be predictable.
“It would help if Zoom were more clear about how keys are generated and transmitted,” Teserakt’s Aumasson says.
Citizen Lab’s investigation found that every Zoom meeting is encrypted with one key that is distributed to all meeting participants, and it doesn’t change until everyone has left the “room.” Conceptually, this is a legitimate way to encrypt video calls, but its overall security depends on a number of factors, including what happens in situations where only some people join or leave the meeting after it has started. Citizen Lab found that the key does not change when some participants join and leave, and only refreshes when everyone has left a meeting. Citizen Lab also found that Zoom uses an unexpected configuration for its transport protocol, used in delivering audio and video over the internet. Improvising alternatives in this way is often called “rolling your own” cryptography, typically a red flag given how easy it is to make mistakes that create vulnerabilities.
“It sounds like Zoom solved a lot of the hard problems, but didn’t go all the way,” says Johns Hopkins University cryptographer Matthew Green.
After reviewing Citizen Lab’s findings, all the cryptographers WIRED spoke to for this story emphasized that Zoom’s centralized key management system and opaque key generation is the biggest issue with the company’s past end-to-end encryption claims, as well as its current muddled messaging on the subject. Other enterprise video conferencing services take a similar approach to managing keys. The issue for Zoom is simply that the company made claims that evoked a much more secure—and desirable—offering.
Adding to the confusion, Zoom’s blog post claims that the company can still make many of the guarantees that come with true end-to-end encryption. “Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list,” Gal wrote. It seems clear, though, that governments or law enforcement could ask the company to build such tools and the infrastructure would allow it.
The blog post also notes that Zoom offers a way for customers to manage their own private keys, an important step toward end-to-end encryption, by physically installing Zoom infrastructure like servers on their own premises. A cloud-based option for users to do their own key management through Zoom’s remote servers is coming later this year, according to Gal.
“Running the entire Zoom infrastructure—clients, servers, connectors—in-house, sure, but this can only be done by big organizations. What can the rest of us do,” Kamara says. “And for the cloud-based option this kind of sounds like end-to-end encryption, but who knows—maybe they mean something else. If it is, then why not just say, ‘end-to-end encryption will be available later this year’?”
The fact is that implementing end-to-end encryption with the kinds of features Zoom offers is very difficult. A free Zoom account can host calls with up to 100 participants. “Enterprise Plus” tier users can have up to 1,000 people on the line. By comparison, it took Apple years to get end-to-end encryption to work with 32 participants on FaceTime. Google’s enterprise-focused Hangouts Meet platform, which doesn’t offer end-to-end encryption, can only handle up to 250 participants per call.
For most users in most situations, Zoom’s current security seems adequate. Given the service’s rapid proliferation, though, including into high sensitivity settings like government and healthcare, it’s important that the company give a real explanation of what encryption protections it does and doesn’t offer. The mixed messages aren’t cutting it.
More Great WIRED Stories
