Zoom concedes custom encryption is substandard as Citizen Lab pokes holes in it

Citizen Lab, a research group within the University of Toronto, has been able to drive a proverbial truck through the encryption used by video conferencing app Zoom.

In a report where the group said the video platform was not suitable for sharing secrets nor government or business use, Citizen Lab found Zoom has been rolling its own encryption scheme as part of a custom extension to the real-time transport protocol.

Further, instead of using AES-256 encryption as Zoom claims, the report found the application was using an AES-128 key in electronic code book (ECB) mode.

Read more…
Source: ZDNet

Related story: Zoomed In: A Look into a Coinminer Bundled with Zoom Installer