• Home
  • Apps
  • Apps News
  • Zoom Meetings Not End to End Encrypted, Flaw Exposes Email Address and Photos of Users: Reports

Zoom Meetings Not End-to-End Encrypted, Flaw Exposes Email Address and Photos of Users: Reports

Only the text-based conversation on Zoom is end-to-end encrypted.

Share on Facebook Tweet Snapchat Share Reddit Comment
Zoom Meetings Not End-to-End Encrypted, Flaw Exposes Email Address and Photos of Users: Reports

Photo Credit: Zoom

Zoom maintains a directory of email addresses with identical domain names

Highlights
  • Zoom’s ‘Company Directory’ is at fault for the privacy concern
  • Zoom has blacklisted a few domains to solve the issue
  • The company can access unencrypted meeting content

Zoom has lately become the go-to video conferencing platform (sorry Skype and Hangouts) as more people are now working remotely while they practise self-isolation during the coronavirus lockdown. However, Zoom has also been mired in some worrying security issues in the past few days. And despite the company assuring users that the platform is secure, there are a few lapses due to mismanagement of user data than can expose the personal information of users. Also, Zoom seems to indicate that it offers end-to-end encryption for everything, but in reality, only text chats are end-to-end encrypted on its platform.

Zoom's folly, user's tragedy

Multiple users have pointed out that they can see the email address of random people and even their photos on their respective Zoom profiles. Exposing email address to strangers is an open invitation to spam in your inbox, but there is a more worrying aspect here. One can actually start a video call with a random person whose profile appears in their contacts, without never actually knowing them. So, how did this happen?

Zoom actually maintains something called ‘Company Directory' where are all email addresses with the same domain name (save for generic ones like Gmail and Yahoo) are listed together. Zoom apparently perceives similar domain name endings as people working in the same company, but apparently, this method has its own flaws. If your email address has been added to one such ‘company directory', mistaking you as a colleague of hundred others, random strangers can see your photos and even call you.

When Zoom was made aware of the issue, the company blacklisted those domains. “Zoom maintains a blacklist of domains and regularly proactively identifies domains to be added. With regards to the specific domains that you highlighted in your note, those are now blacklisted”, a Zoom spokesperson was quoted as saying. Moreover, if your email address has also been compromised by a faulty listing in Zoom's directory, you can actually request Zoom to get it removed. Zoom says on its website that owners or admins can also choose to turn off the directory inclusion feature.

No, Zoom video calls are not end-to-end encrypted

“Zoom's solution and security architecture provides end-to-end encryption and meeting access controls so data in transit cannot be intercepted” says Zoom on its website. The statement makes one believe that Zoom calls are end-to-end encrypted, but that's not really the case. “Currently, it is not possible to enable E2E encryption for Zoom video meetings.

Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection,” a Zoom spokesperson was quoted as saying by The Intercept. The only content that is end-to-end encrypted on Zoom is the text in chats.

What this means is Zoom can access the unencrypted video and audio content of users' meetings. This is not the definition of end-to-end encryption. End-to-end encryption is when the content of a text or multimedia conversation can only be accessed and decrypted by the sender and receiver because they have the decryption keys, and not the service provider itself.

This is what happens when you use apps such as Signal and WhatsApp, but that is not the case with Zoom. In broad terms, a third-party can't eavesdrop on your Zoom video or audio conversation, but the company itself can access the contents. Of course, Zoom claims to abide by the privacy norms put in place, but the way Zoom explains the security aspect of the platform on its website is a bit misleading.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Zoom
Nadeem Sarwar Nadeem Sarwar has been writing about technology, smartphones, and gaming for Gadgets 360. He closely follows new launches, leaks, and the latest developments in the world of tech. More
Google Assistant Gets COVID 19 Information Hub on Android: All You Need to Know
iPhone 11 Pro Max, iPhone 11 Pro, iPhone 11, iPhone XR Price in India Increased Due to GST Rate Impact

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com