Zoom says its video calls are not end-to-end encrypted, users hacked with porn content: Here’s what happened | HT Tech

Zoom says its video calls are not end-to-end encrypted, users hacked with porn content: Here’s what happened

Zoom, a popular video calling app is in hot waters as it confirms the video calls are not end-to-end encrypted. It also got hacked or ‘Zoom bombed’ by hackers recently.

By: HT CORRESPONDENT
| Updated on: Apr 02 2020, 09:06 IST
Zoom, a popular video calling app is in hot waters as it confirms the video calls are not end-to-end encrypted. It also got hacked or ‘Zoom bombed’ by hackers recently.
Zoom, a popular video calling app is in hot waters as it confirms the video calls are not end-to-end encrypted. It also got hacked or ‘Zoom bombed’ by hackers recently. (Zoom)
Zoom, a popular video calling app is in hot waters as it confirms the video calls are not end-to-end encrypted. It also got hacked or ‘Zoom bombed’ by hackers recently.
Zoom, a popular video calling app is in hot waters as it confirms the video calls are not end-to-end encrypted. It also got hacked or ‘Zoom bombed’ by hackers recently. (Zoom)

We have already told you that popular Houseparty video calling app has several privacy and security loopholes, can track you and extract your personal information even when you don't want it. Now, another video calling service called Zoom, which has become immensely popular during the coronavirus lockdown, confirms that it doesn't actually support end-to-end encryption. A separate report adds that hackers have also been able to breach Zoom video calls, exposing what you talk about within the call.

What about the hack?

According to a recent report by AFP, the FBI's Boston office recently witnessed increased number of video call breach cases wherein the hackers can enter a video call and post porn content. The FBI reportedly, "received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language."

People has also been tweeting about it with screenshots.

As per FBI, hackers had 'Zoom-bombed' schools that are now taking online classes due to the lockdown. In one of the cases, someone dialed into a virtual classroom held by a Massachusetts high school teacher and shouted obscene language before revealing her home address.

The company however gave a response, stating that it "takes its users' privacy, security, and trust extremely seriously." It added that "During the COVID-19 pandemic, we are working around-the-clock to ensure that hospitals, universities, schools, and other businesses across the world can stay connected and operational."

Also read: Zoom updates iOS app with fix for Facebook data collecting bug

But then it confirmed that video calls are not end-to-end encrypted

In a separate report by The Intercept, Zoom video calling service confirmed that their video calls are not E2E protected as mentioned in their privacy policy pages and security white paper.

"Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection," said the spokesperson to the news website.

It has been mentioned that Zoom uses TLS encryption, which is the same that is used in HTTPS websites. This means that the Zoom app running on your computer or smartphone has the same encryption level as it is between the browser and any other website. This is different from end-to-end encryption, which is there in services such as WhatsApp, Telegram and others.

Also read: Elon Musk's SpaceX bans Zoom over privacy concerns

Zoom has also confirmed that while the videos are safe from others trying to snoop-in, the company itself can access them. The privacy policy page, as pointed out by Consumer Reports, lets Zoom collect your data and share it with advertisers, which is the case with other social media websites and services as well.

However, Zoom is said to gather 'customer content' as well. This includes "information you or others upload, provide, or create while using Zoom." Some of the examples mentioned by the company are "Cloud recordings, chat/instant messages, files, whiteboards, and other information shared while using the service, voice mails." And the company says that these details are used to provide Zoom services, for easy search in chat log history, Zoom phone services and more.

In its latest blog post, the company has however, apologised for using the term 'end-to-end encryption', which indeed confirms the aforementioned claims. "In light of recent interest in our encryption practices, we want to start by apologizing for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption. Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption," states the post.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 02 Apr, 08:53 IST
NEXT ARTICLE BEGINS