Zoom acquires Keybase to beef up encryption, ease security questions

Written by

It looks like Zoom is putting some money behind its plans to quickly upgrade its security measures.

The San Jose-based company behind the now-popular videoconferencing software announced Thursday it has acquired Keybase, known for its secure messaging and file-sharing services. The plan, Zoom says, is to integrate Keybase’s personnel to build end-to-end encryption throughout the service. Terms of the deal were not disclosed.

“Our goal is to provide the most privacy possible for every user case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform,” Zoom said in a statement. “Keybase’s experienced team will be a key part of this mission.”

The deal comes after Zoom chief executive Eric Yuan said the company had failed to prioritize data protection during a period when its number of daily users skyrocketed to 200 million, up from roughly 10 million users prior to the coronavirus pandemic. The FBI issued a bulletin warning users about the rise of “Zoombombing,” in which outsiders barged into unprotected calls, and the firm was accused of inappropriately sharing data with Facebook.

Security researchers who scrutinized Zoom’s technology also determined that calls were not protected with end-to-end encryption, despite claims to the contrary. In response, Yuan said on April 1 that Zoom would embark on a 90-day “feature freeze,” and tighten its security controls.

When Keybase technology is implemented into Zoom’s software, the Zoom user who schedules a meeting will be able to select end-to-end encryption, the company says. The update will prevent users from dialing-in by phone, a common technique that nonetheless has been abused by Zoombombers. It will also deactivate the capability to save a recording of the meeting in the cloud.

Keybase previously raised $10.8 million in funding, led by the venture capital firm Andreesen Horowitz, announced in 2015. Keybase’s technology will be incorporated into Zoom’s premium subscription, and not the free service.

Zoom says it will publish a draft of its cryptographic design by May 22, then solicit feedback from encryption experts and customers before deploying a final design.

The effort comes after Zoom added H.R. McMaster, former assistant to the president for National Security Affairs, to its board of directors, and enlisted Alex Stamos, the former chief security officer at Facebook, as an adviser. The company also hired Luta Security, a respected vulnerability disclosure firm founded by Katie Moussouris, to manage submissions from external security researchers.