An ephemeral per-meeting symmetric key will be generated by the meeting host. Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees. Zoom will offer an end-to-end encrypted meeting mode to all accounts. However, for hosts who seek to prioritize privacy over compatibility, we will create a new solution. Additionally, some features that are widely used by Zoom clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud. However, the encryption keys for each meeting are generated by Zoom’s servers. With the recent Zoom 5.0 release, Zoom clients now support encrypting audio, video, chat, and screen sharing content using industry-standard 256-bit AES-GCM. It is not decrypted until it reaches the recipients’ devices. Today, audio and video content flowing between Zoom clients (e.g., Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device. Keybase’s experienced team will be a critical part of this mission. Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses. We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability. Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates," the spokesman said.We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. "We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security "very seriously." Zoom said it has fixed the flaw in the latest versions of its software for Windows, macOS and Linux. The flaw was discovered by researchers from the group Sakura Samurai as part of a bug bounty program offered by Zoom, which acquired Keybase in May, 2020. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. The flaw in the encrypted messaging application ( CVE-2021-23827) does not expose Keybase users to remote compromise. A serious flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted.
0 Comments
Leave a Reply. |