Zoom Video Communications has announced the global rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, positioning itself as the first UCaaS provider to offer this advanced security feature.
Zoom Video Communications, commonly known as Zoom, is a technology company that provides video conferencing, online meetings, chat, and mobile collaboration services through its proprietary software, Zoom Meetings.
In an announcement today, Zoom revealed the introduction of post-quantum E2EE for Zoom Workplace, starting with Zoom Meetings and promising to extend the feature to Zoom Phone and Zoom Rooms soon.
This proactive measure ensures user data remains secure against future quantum computing threats, but also addresses concerns about existing risks such as “harvest now, decrypt later” scenarios. Attackers might capture encrypted data today, intending to decrypt it later using quantum computers. While such powerful quantum computers are not yet capable enough or widespread, Zoom’s adoption of post-quantum E2EE prepares for this eventuality.
Zoom’s Chief Information Security Officer, Michael Adams, emphasizes the company’s dedication to security, noting the increasing use of E2EE since its launch for Zoom Meetings in 2020 and Zoom Phone in 2022.
“With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected,”
Michael Adams
When E2EE is activated, only the meeting participants possess the encryption keys, ensuring that any data transmitted via Zoom’s servers remains unreadable. This applies to both standard and post-quantum E2EE. To address “harvest now, decrypt later” threats, Zoom utilizes the Kyber 768 algorithm, which the National Institute of Standards and Technology (NIST) is standardizing as the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.
Zoom has taken massive strides since the controversial early 2020 times when it experienced a significant surge in popularity during the COVID-19 pandemic, seeing its userbase explode from 10 million to 300 million daily video participants.
Back then, the platform was severely criticized for lack of data security and privacy, “Zoom-bombing” incidents, false end-to-end encryption claims, and an abundance of easily exploitable vulnerabilities.
Zoom has continued to improve its security measures and expand its service offerings, and today, it is the first provider of video communications to offer post-quantum encryption resistance, following in the footsteps of Signal, iMessage, and Tuta Mail.