[Cryptography] "Zoom's end-to-end encryption isn't

Ángel angel at crypto.16bits.net
Fri Apr 3 21:30:51 EDT 2020

On 2020-04-03 at 00:56 +0100, Peter Fairbrother wrote:
> actually end-to-end at all. Good thing the PM isn't using it for Cabinet 
> calls. Oh, for f..."
> https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
> tldr:
> not end-to-end despite explicit claim
> mines all your data
> tracker-friendly
> sends data to facebook
> big login hole
> host can detect if watchers present
> all your base are belong to us
> Peter Fairbrother

Well, today you have an even bigger piece of Zoom news. Citizen Lab

- an undisclosed security issue with Zoom’s Waiting Room feature that
they are waiting for Zoom to fix before publishing

- that all the participants use the same encryption key, which is
provided by a server located in China¹

- which is then used to encrypt the video and audio using -hold tight-
AES in ECB mode.


¹ It is possible that it is *sometimes* generated by servers in the US.
They only found that the key securing a US-Canada conference was
provided by a Chinese server, not how often those were used.
