In the past few weeks has exploded the use of video calling apps like Zoom both in the business field as in the personal and even the political. With this, the scrutiny on the safety of this type of services has intensified and this application is not going very well stop.
The first controversy occurred when it was discovered that the application of Zoom for iOS he shared the location and other data with Facebook without permissionsomething that fixed with an update and an apology. In spite of that, they are going to be sued for a user to consider that this circumstance constitutes a violation of the privacy of the user.
The second has jumped during the last few hours, when The Intercept he has published information in which reveals that video Zoom are not encrypted end-to-end.
And this controversy is not the last one, which is in progress. The chief technical officer of crawler malware VMRay, Felix Seele, ensures the installer of Zoom for Mac uses scripts to automate the installation without requesting the user’s permission and forging a message from the system to obtain privileges on the system. Although it is not strictly malicious, Seele remembers that they are “the same tricks used by the malware for macOS”. Will have to see what is this another fire.
Encryption, yes, but not end-to-end
The grace of the encryption end-to-end is that the information that is transmitted can only be decrypted by the sender and the receiver. No one else has the key that allows to know the content of the data that are transmitted. We are confident that the information, from beginning to end, is not exposed.
This form of encryption is not the same as that used Zoom, as support a company spokesman to The Intercept:
“It is not currently possible to enable the encryption E2E (end to end) for the meetings of video Zoom. Video conferencing Zoom use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES, using a key negotiated over a TLS connection”.
Translated to a language more close, which makes this buoyant conferencing application is, first, to encrypt the information sent by the sender, and comes to their servers. Then, that same information is encrypted when it is sent to the receivers. What is the problem? That in the meantime, in the servers, the data are exposed. A great problem, since then.
This poses a double risk if we start from the basis of good faith that is supposed, to the company. The first, as explain our co Applesferais that government agencies of intelligence can obtain legal access to these data and, as are readable in the servers of Zoom, is transmitted without major difficulty, something that it would not happen with the encryption of end-to-end for good and for bad.
The second risk is that, as the company has access to the information, an attacker would have access to the servers, potentially also would have it. All a weak point. More if it fits in an implementation of these features, and these uses so delicate.
At this point, are there alternatives?
If we are concerned about the lack of encryption of end-to-end the levels of the video Zoom, the two great alternatives that we have on the table to improve the security of our meetings are WhatsApp, Signal and FaceTime. They are not alternative complete, because they are not designed for that Zoom, but can allow us to minimize the exposure of the video calls.
WhatsAppfrom that decided to encrypt end-to-end all calls and messages in 2016, has been implementing this encryption new features that have been incorporated with the passage of time as the video. The encryption and decryption of information transmitted between two users of the platform happens complete on their phones.
On the other hand, Signalthe application of secure messaging for excellence, incorporated encryption end-to-end for their video conferencing in 2017. This service, moreover, has frequently been recommended by activists of the privacy as prominent as Edward Snowden, Laura Poitras, or Matt Green.
In the event that we are users of Apple products, FaceTime it would be a third alternative. The service of video calls of Cupertino enjoys a encryption end-to-end since their launch in 2018.
it was originally published in