Skip to main content

Zoom makes first ever acquisition in quest to boost security

(Image credit: Shutterstock)

Video conferencing giant Zoom has announced its first ever acquisition, as part of its quest to bolster the security facilities of its platform.

The firm has acquired secure messaging and file-sharing service Keybase, brought in to help Zoom build end-to-end encryption capable of scaling to the level made necessary by the platform's recent surge in popularity.

In a blog post, Zoom CEO Eric S. Yuan described the acquisition as “a key step” in the company’s attempt to “accomplish the creation of a truly private video communications platform”. 

In line with social distancing policies, the deal was hashed out over a Zoom video call - although the financial terms of the acquisition have not been disclosed.

Zoom acquisition

The Keybase acquisition marks the latest step in Zoom’s 90-day plan to strengthen the security of its video conferencing platform, introduced amid intense scrutiny brought about by the recent explosion in users.

Researchers uncovered a litany of vulnerabilities in the service - from the opportunity for credential theft to app hijacking, malicious code injection and more - forcing the company to suspend product development to focus on eliminating security flaws.

Zoom believes the acquisition of Keybase will help the company allay any potential concerns over its commitment to the security and privacy of its users.

“There are end-to-end encrypted communications platforms. There are communications platforms with easily deployable security. There are enterprise-scale communications platforms. We believe that no current platform offers all these. This is what Zoom plans to build,” said Yuan.

“Keybase brings deep encryption and security expertise to Zoom....Bringing on a cohesive group of security engineers like this significantly advances our 90-day plan to enhance our security efforts,” he added.

Once the new feature has been implemented, paying users will be able to activate an end-to-end encryption mode, which will see unique per-meeting encryption keys controlled by the host (and not held on Zoom servers). End-to-end encrypted meetings will not support telephone dial-in or cloud recording.

The firm believes the facility will “provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants.”

In the name of transparency, Zoom has pledged to publish an in-depth draft of its cryptographic design on May 22. It will then solicit feedback from a host of experts, before finalising the final design and deploying the feature.