Zoom recently has proven exponentially, that videoconferencing is not, and under no circumstances, likely to prevent intruders and attacks.
The main reason is that Zoom and many other services claim end-to-end encryption. Even though with Zoom that itself was a false claim. They have since bought a company to help them install encryption on a paid portion of their product.
Wait a minute you ask, isn’t end-to-end encryption a good thing?
Well, not if you as the user” define yourself and your device as one of the ends. If you as a person believe that you will be the only person that can read your message(s), open your file(s) or access your data, then E2E does will never meet your definition.
You see, millions of companies like ZOOM, claim E2E. In their definition, E2E actually means Server to Originator to Server to End. Their key server is the quintessential “Man In The Middle” who is reading, harvesting and creating big data marketing & cyber espionage campaigns using all of yours, and every other user’s data. Even further, your data at rest on your originating device is not protected in any way by E2E encryption. The first point it becomes encrypted is when it connects with the key providers server, whom of course has full knowledge of the content. Just check with Apple to see if that’s not the case.
What is shown in the above diagram is what Zoom, and most other firms define as E2E encryption. Your user data is “in the clear” from your device to the “The Man”, which is your messenger system’s server. There it will be encrypted for “in-transit” purposes only. This means that the original message or data could be just stored in the clear as is the case with Verizon, AT&T, T-Mobile. The gap in security is fairly obvious.
Just to make security concerns even scarier, many key servers are located in geopolitical areas that may not share your businesses or nations interest. Zoom for instance, was using servers based in China. What could go wrong? As I am sure you are aware, the Chinese Government by law, is able to surveil any server based in China. E2E encryption won’t do your firm or nation much good if that is the case.
To further compound the death knell of E2E encryption is quantum computing. Even the “in-transit” encryption benefit of most encryption products will be rendered obsolete in the immediate future.
One of our mantras at BLAKFX, is “Having a False Sense of Security is Worse Than No Security at All.” Don’t allow your organization to be lulled into that mindset.