Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Zoom Introduces End-to-End Encrypted Phone Calls

Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.

Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.

Starting last year, the video calling platform has been offering E2EE in Zoom Meetings, and it is now ready to make it available for one-on-one phone conversations made through the Zoom client as well.

Once the new feature is available, users will see a “More” option during phone calls, allowing them to turn on encryption, which will be activated nearly instantly. Users will also have the option to check E2EE status by providing a unique security code to one another.

The video conversation platform plans to make the E2EE feature available in Zoom Phone in the coming year.

Additionally, the company has announced a Bring Your Own Key (BYOK) offering catered to those customers that need to provision and manage their own encryption keys in order to meet strict compliance requirements.

“With our BYOK offering, both Zoom and the customer are responsible for establishing a security framework,” Zoom says.

BYOK, the company explains, is meant for securely storing large assets, rather than real-time use cases, such as video streaming.

Advertisement. Scroll to continue reading.

With the feature enabled, a customer master key (CMK) will be stored in a key management system (KMS) in AWS, which will be unavailable to Zoom. The video conferencing platform will interact with the KMS to fetch data keys to encrypt and decrypt assets before they are written to long-term storage.

“Zoom will not store plaintext data keys in long-term data storage,” the platform says.

BYOK will become available in beta in the coming months, allowing users to store recordings of Zoom Meetings and Zoom Video Webinars, and calendar for Zoom Rooms, as well as Zoom Phone voicemails and recordings.

The newly announced Verified Identity, Zoom explains, is meant to bring attestation and authentication to the Zoom experience. Developed in collaboration with Okta, it will allow the platform to verify users as they join Zoom Meetings.

When in a meeting, users will be able to share with others verified profile information such as name, email, and company domain. Meeting hosts will have the option to remove participants that are not verified or for which the displayed information doesn’t seem correct.

The feature will become available next year, marking the first step in “Zoom’s long-term identity attestation and verification initiative strategy,” the company says.

Related: CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path

Related: Details Disclosed for Zoom Exploit That Earned Researchers $200,000

Related: Zoom Is 16th CVE Numbering Authority Appointed in 2021

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...