Zoom acquires security startup Keybase as it aims to achieve end-to-end encryption
Even as Zoom has grown in popularity, the app has been criticised for its security and privacy loopholes. The company is now looking to address these concerns.
Video meet app Zoom on Thursday announced the acquisition of secure messaging and file-sharing service Keybase, as part of its 90-day pledge to address privacy and security issues with its own platform.
The acquisition, for which financial terms were not disclosed, is aimed at eventually building end-to-end encryption on Zoom.
According to Eric S Yuan, CEO of Zoom, the first step is getting the right team together.
"Keybase brings deep encryption and security expertise to Zoom, and we're thrilled to welcome Max and his team. Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts," Yuan said in a statement.
Since its launch in 2014, Keybase's team has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise.
"Keybase is thrilled to join Team Zoom! Our team is passionate about security and privacy, and it is an honour to be able to bring our encryption expertise to a platform used by hundreds of millions of participants a day," said Max Krohn, Keybase.io co-founder and developer.
Krohn will lead the Zoom security engineering team, reporting directly to Yuan. Leaders from Zoom and Keybase will work together to determine the future of the Keybase product.
"We are excited to integrate Keybase's team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability," said Yuan.
The company said the audio and video content flowing between Zoom clients (Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device.
"It is not decrypted until it reaches the recipients' devices. With the recent Zoom 5.0 release, Zoom clients now support encrypting content using industry-standard AES-GCM with 256-bit keys," said the company.
However, the encryption keys for each meeting are generated by Zoom's servers.
Additionally, some features that are widely used by Zoom clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud.
"However, for hosts who seek to prioritize privacy over compatibility, we will create a new solution," said Yuan.