The Zoom Encryption Protocol - Why ECB Is Bad

April 7, 2020

If you use Zoom video-conferencing software, you probably be aware of the recent controversy about the security of their encryption protocols. In this short video, Graham gives his take on the controversy:

In particular, Graham thinks arguments about whether ECB mode encryption allows a passive attacker to reconstruct the video stream are missing the point: using ECB mode may well allow nastier active attacks, involving splicing the stream to provoke errors or other behaviour that could allow chunks of encrypted data to be revealed. As of writing this, Zoom are working on a security update. We're hoping they will be transparent about an update to their cryptographic architecture.