Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
The acquisition of Keybase, secure messaging and file-sharing, adds cryptographic expertise to Zoom's staff as it deals with the fallout of security breaches discovered as, company's schools and families started to use the video conferencing software as they sheltered in place to slow the spread of the new coronavirus.
Initially, our single top priority is helping to make Zoom even more secure," Keybase wrote in a blog post. "So, our shortest-term directive is to significantly improve our security effectiveness, by working on a product that's that much bigger than Keybase. We can't be more specific than that, because we're just diving in."
Zoom has a 90-day plan to strengthen the video conferencing app's privacy and security after it came under the scrutiny of state and federal lawmakers. Lawmakers accused the company of not anticipating the risks, such as "zoombombing," that could come with a huge surge of users amid the coronavirus pandemic.
|ZM||ZOOM VIDEO COMMUNICATIONS, INC.||286.66||-10.93||-3.67%|
"Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise," Yuan said in a statement. "We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability."
An April 3 study by the University of Toronto's Citizen Lab found that Zoom could possibly have "the ability to monitor encrypted calls because they have access to the encryption keys."
The finding related back to Zoom's previous claim that it offered end-to-end encryption — a type of technology that prevents developers and other third parties like hackers or law enforcement from accessing private communication between two parties on a platform. Apps such as Facebook Messenger and WhatsApp offer this feature.
Zoom claimed that its servers were endpoints, suggesting that only users have access to their private conversations, but the study shows that the app's servers were not endpoints but instead acted as intermediaries, meaning Zoom had access to those conversations.
Yuan said his company was working to upgrade its encryption design.
"Due to the unique needs of our platform, our goal is to utilize encryption best practices to provide maximum security, while also covering the large range of use cases that we support," he said at the time. "We are working with outside experts and will also solicit feedback from our community to ensure it is optimized for our platform."