Reverse engineer/packet sniff the implementation and perform some sort of cryptanalysis to see if the implementation works according to the published protocol. It's pretty standard.
That's sort of what happened with the ECB mode stuff that kicked this whole thing off in the first palace. See section 4 from the below for more info.
That doesn't show that someone on Zoom's end isn't decrypting data in an invisible way, without a warrant, with the key they have access to, in the non-e2e case.
This whole discussion is about the E2E case. That's what the CEO was referring to. There's a twitter thread link somewhere.
I think I read that Zoom do decrypt AES-GCM server side already. They have to so they can put the little green box around the person currently speaking. EDIT - this is incorrect for AES-GCM, it's not decrypted server side.
Edit - at least e2e is the angle I'm approaching it from as it's the new information.
Which is a fairly ambiguous question and could be interpreted several ways so I went mainly for the E2E case (as it's the new thing).
Could also be interpreted as how can we show only paid users can access it? Or that certain features will be disabled with E2E?
What I replied with covers both E2E and the current state equally tbh (the linked article did it before with ECB). There are always limitations to what is possible.
I could break into the Zoom servers to make sure everything is kosher. But that's illegal.
If WhatsApp started transmitting E2E keys back to their servers people would find that out client side through network packet inspection, not server side.
Security researchers are limited in the tools/methods they can use. We have to work with what we've got at our disposal.
> Security researchers are limited in the tools/methods they can use. We have to work with what we've got at our disposal.
Which is exactly why "trust us, we're not going to do anything with these keys" is a ridiculous state of affairs and shouldn't be tolerated. We can't show that they're actually doing what they say, and it'll be years after they implement mass surveillance on the behest of law enforcement before someone leaks something.
> I think I read that Zoom do decrypt AES-GCM server side already. They have to so they can put the little green box around the person currently speaking.
> Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That’s because the service provider needs to detect who is talking to act like a switchboard, which allows it to only send a high-resolution videostream from the person who is talking at the moment, or who a user selects to the rest of the group, and to send low-resolution videostreams of other participants. This type of optimization is much easier if the service provider can see everything because it’s unencrypted.
This was 2 months ago so their new white paper clarifies the current situation:
> For use cases such as meeting real-time content (video, voice, and content share), where data is transmitted over User
Datagram Protocol (UDP), we use AES-256 GCM mode to encrypt these compressed data streams. Additionally, for video,
voice, and content share encrypted with AES, once it’s encrypted, it remains encrypted as it passes through Zoom’s meeting servers until it reaches another Zoom Client or a Zoom Connector, which helps translate the data to another protocol.
