Why Zoom's use of "encryption" is so misleading
As the #covid19 pandemic is unfolding, the increasing demand for software that enables people to contact eachother has experienced a tremendous surge. At the same time, #Zoom has received a lot of flak, and some of the criticism they’ve received has really caught my eye.
(The spike around March is essentially the same for similar searches, e.g. conference software, web conference, internet meeting, etc.)
To be fair, they never actually state that they provide E2E encryption in their whitepaper, but they also conveniently omit mentioning that they use AES-256’s seriously deprecated ECB (Electronic Code Book) mode, which will be my particular bone to pick with them, taking into account that I might be accused of beating a dead horse.
PENGUINS AND ENCRYPTION
There are a lot of writings out there about why ECB is bad, but the gist of it is that it’s deterministic and stateless. Simply put, while it does encrypt the data, any given input will always result in the same output, e.g. if you encrypt the same word twice, you’ll get the same gibberish.
The iconic ECB penguin below is an excellent way to illustrate what this means:
Let's note that this picture (and therefore, the argument against ECB) is from 2004! It’s both sad and sobering to see that after more than 15 years, bad practices still prevail. To make things even worse, any other mode of AES would not suffer from this (though truth be said, they are slightly trickier to implement).
The same concept applies to encrypted voice, too, perhaps even in a compounded way, because the possible chunks to send are much more limited than in a video stream.
Granted, Zoom won’t be using this cypher in such a simplistic way: they will certainly compress it beforehand, which would complicate any attempt at decryption slightly, but still, the encryption itself won’t do what it’s supposed to, namely, actually provide a (reasonable) guarantee that the data is not accessible to prying eyes (or ears).
Saying that AES-256 encryption in ECB mode in any way “secures” your data is like leaving your bike tied to a tree with a rope and saying it will be safe from thieves.
My guess as to why it’s still being used, even by such big players like Zoom, is because it’s the simplest, easiest to implement cypher that you could possibly use, while still “sounding good on paper” (because you are technically using 256 bit keys to encrypt your data). Therefore, it’s very tempting to hurriedly jam it into your code and then claim that you have somehow provided security.
But as a system architect that I used to work with always said:
“A false sense of security is worse than no security.”
I couldn’t agree more, especially in times like this.