Security Experts:

Zoom Introduces End-to-End Encrypted Phone Calls

Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.

Starting last year, the video calling platform has been offering E2EE in Zoom Meetings, and it is now ready to make it available for one-on-one phone conversations made through the Zoom client as well.

Once the new feature is available, users will see a “More” option during phone calls, allowing them to turn on encryption, which will be activated nearly instantly. Users will also have the option to check E2EE status by providing a unique security code to one another.

The video conversation platform plans to make the E2EE feature available in Zoom Phone in the coming year.

Additionally, the company has announced a Bring Your Own Key (BYOK) offering catered to those customers that need to provision and manage their own encryption keys in order to meet strict compliance requirements.

“With our BYOK offering, both Zoom and the customer are responsible for establishing a security framework,” Zoom says.

BYOK, the company explains, is meant for securely storing large assets, rather than real-time use cases, such as video streaming.

With the feature enabled, a customer master key (CMK) will be stored in a key management system (KMS) in AWS, which will be unavailable to Zoom. The video conferencing platform will interact with the KMS to fetch data keys to encrypt and decrypt assets before they are written to long-term storage.

“Zoom will not store plaintext data keys in long-term data storage,” the platform says.

BYOK will become available in beta in the coming months, allowing users to store recordings of Zoom Meetings and Zoom Video Webinars, and calendar for Zoom Rooms, as well as Zoom Phone voicemails and recordings.

The newly announced Verified Identity, Zoom explains, is meant to bring attestation and authentication to the Zoom experience. Developed in collaboration with Okta, it will allow the platform to verify users as they join Zoom Meetings.

When in a meeting, users will be able to share with others verified profile information such as name, email, and company domain. Meeting hosts will have the option to remove participants that are not verified or for which the displayed information doesn’t seem correct.

The feature will become available next year, marking the first step in “Zoom’s long-term identity attestation and verification initiative strategy,” the company says.

Related: CISO Conversations: Zoom, Thycotic CISOs Discuss the CISO Career Path

Related: Details Disclosed for Zoom Exploit That Earned Researchers $200,000

Related: Zoom Is 16th CVE Numbering Authority Appointed in 2021

view counter