End-to-end encryption on Zoom: current status

bitheerani90 · Post by **bitheerani90** » Wed Apr 23, 2025 4:04 am

The developers listened to the criticism and took steps to improve the security of the platform, including implementing E2EE.

Zoom has been using E2EE for audio and video calls as well as chat since fall 2020. When it is activated, Zoom protects participants' data with a so-called conference encryption key. The key is not stored on Zoom's servers, so even developers cannot decrypt the content of conversations. The platform only stores encrypted user IDs and some meeting metadata, such as call duration.

To protect against external connections, the developers iceland mobile database also introduced the Heartbeat feature, a signal that the meeting leader's app automatically sends to other users. It contains, among other things, a list of participants to whom the meeting leader has sent the current encryption key. If someone who is not on the list joins the meeting, everyone will know immediately that something is wrong.

Another way to keep unwanted participants out is to lock the meeting (using the aptly titled Lock Meeting feature ) once all the invitees have gathered. You have to lock meetings manually, but once you do, no one else will be able to join, even if they have the meeting ID and password.

Zoom also protects against man-in-the-middle attacks with encryption key rollover. To ensure that an outsider isn’t eavesdropping, the meeting leader can click a button at any time to generate a security code based on the current meeting’s encryption key. The code is then generated automatically for other meeting participants. The leader simply reads this code out loud; if it matches everyone else’s, then everyone is using the same key and everything is fine.

Finally, if the meeting leader leaves the meeting and someone else takes over, the app will report the handover. If it seems suspicious to others on the call, they can pause any top-secret discussions until everything is resolved.

Sure, if you’re just hosting a Zoom party with friends, you probably don’t need to use all of these security mechanisms. But if business (or other) secrets are at stake virtually, these protection tools can really come in handy, so attendees of important meetings should be aware of them and how to use them.

Despite the innovations, Zoom developers admit they still have a long way to go. The RSA 2021 keynote also shed light on where Zoom intends to go next.