Video calling platform Zoom is boosting its security profile via the acquisition of a small startup called Keybase. The 25-person, New York-based company will provide more robust encryption for Zoom calls on paid subscriptions by implementing an end-to-end architecture.

“Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees,” Zoom CEO Eric Yuan explained in a Thursday blog post. “An ephemeral per-meeting symmetric key will be generated by the meeting host. This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees.”

Critically, the encryption key for the calls will not be kept on Zoom’s servers, as they are today. In Zoom’s existing approach, content is encrypted using industry-standard AES-GCM with 256-bit keys, and decrypted at the other end of the session call, Yuan explained. The encryption keys for each meeting are generated by Zoom’s servers. With Keybase implemented, those keys will be under the control of the host.

“The host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting,” Yuan said. “We are also investigating mechanisms that would allow enterprise users to provide additional levels of authentication.”

The hope is that the move will help prevent the kinds of “Zoombombing” and other attacks that have plagued the platform, as well as address privacy concerns about the platform sharing data with other companies.

As it has ramped up to 300 million subscribers during the pandemic-sparked work-from-home phenomenon, Zoom has suffered a legion of bad headlines on both fronts. For instance, Zoom’s current state of encryption is at the heart of a class-action lawsuit that alleges that Zoom only uses encryption for the transport link, thus allowing the service to still access data.

“Zoom’s acquisition of the Keybase team allows it to lay the foundation for what’s known as end-to-end encryption within their platform,” said Tim Mackey, principal security strategist at Synopsys CyRC, via email. “For normal users, the addition of end-to-end encryption should be viewed as enhancing the overall security of their meetings. With recent examples of inappropriate accesses to meetings on the conferencing platforms, this end-to-end encryption helps ensure that any potential for a meeting to be intercepted or for someone to otherwise ‘hack’ into a meeting are minimized.”

Users with paid subscriptions will be able to opt into the feature – but there will be a tradeoff in functionality. Opting in means that calling in by phone for the audio portion of the call, and cloud-based recording of Zoom sessions, will both be disabled.

“Once implemented, these changes won’t come without some disruption to existing users who may currently access their meetings with devices that are incapable of supporting Zoom’s end-to-end encryption protocols,” Mackey said. “I would expect Zoom to address any shortcomings with these devices within their vendor ecosystem, so the impact to most users should be minimal.”

As for the timeline, it could take a few months for full rollout. In a first step, Zoom plans to publish full details of the Keybase cryptographic draft design on Friday, May 22.

Keybase, founded in 2014, has raised $10.8 million so far, thanks to a 2015 financing round led by Andreessen Horowitz. Terms of the Zoom deal were not released.

The acquisition is the latest move by the company to face its security issues. Yuan put in place a 90-day plan on April 1; the steps taken so far include installing ex-Facebook CISO Alex Stamos as an outside consultant, and establishing a “CISO Council,” which includes executives from HSBC, NTT Data, Procore and Ellie Mae, as well as an advisory board of security leaders from companies such as VMware, Netflix and Uber.

Zoom recently had to kill a feature in its iOS web conferencing app that was sharing analytics data with Facebook, after a Motherboard report disclosed that the transferred information included data on when a user opened the app, a user’s time zone, device OS, device model and carrier, screen size, processor cores and disk space. The company eliminated a feature called LinkedIn Sales Navigator that came under fire for “undisclosed data mining” of users’ names and email addresses, which the service used to match them with their LinkedIn profiles. Meanwhile, it has also made a key tweak to its Zoom client to mitigate the Zoombombing attacks by threat actors that have surfaced during the surge in use.
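
The host-generated meeting key, enveloped to each attendee's keypair and rotated when the roster changes, can be sketched as follows. This is an added example, not Zoom's or Keybase's code: the article says only that the key is "enveloped with the asymmetric keypairs", so the X25519 + HKDF-SHA256 + AES-256-GCM wrapping and every function name here are assumptions.

```javascript
const crypto = require('crypto');

// Hypothetical attendee identity: an X25519 keypair whose public half is published.
function newIdentity(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// Wrapping key from an X25519 shared secret via HKDF-SHA256 (assumed construction).
function wrappingKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

// Host side: envelope the meeting key to one attendee's public key with AES-256-GCM.
function seal(host, attendeePublicKey, meetingKey) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrappingKey(host.privateKey, attendeePublicKey), iv);
  const ct = Buffer.concat([c.update(meetingKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Attendee side: throws unless the envelope was sealed to this attendee's key.
function unseal(attendee, hostPublicKey, env) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrappingKey(attendee.privateKey, hostPublicKey), env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]);
}

// Host generates a fresh ephemeral key per roster; calling again is the rotation.
function distribute(host, roster) {
  const meetingKey = crypto.randomBytes(32);
  const envelopes = new Map(roster.map(a => [a.name, seal(host, a.publicKey, meetingKey)]));
  return { meetingKey, envelopes };
}

// Constructed scenario: carol leaves, the host rotates, carol cannot get the new key.
function demo() {
  const [host, bob, carol] = ['host', 'bob', 'carol'].map(newIdentity);
  const before = distribute(host, [bob, carol]);
  const after = distribute(host, [bob]);
  let carolLockedOut = !after.envelopes.has('carol');
  try { unseal(carol, host.publicKey, after.envelopes.get('bob')); carolLockedOut = false; }
  catch (e) { /* GCM tag check fails: envelope was not sealed to carol */ }
  return {
    carolHadOldKey: unseal(carol, host.publicKey, before.envelopes.get('carol')).equals(before.meetingKey),
    bobHasNewKey: unseal(bob, host.publicKey, after.envelopes.get('bob')).equals(after.meetingKey),
    rotated: !before.meetingKey.equals(after.meetingKey),
    carolLockedOut,
  };
}
```

In this sketch the server only relays the envelopes; it never holds a private key that can open them, which is the property the host-controlled design is meant to provide.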