Paper 2021/486

Security Analysis of End-to-End Encryption for Zoom Meetings

Takanori Isobe and Ryoma Ito


In the wake of the global COVID-19 pandemic, video conference systems have become essential for not only business purposes, but also private, academic, and educational uses. Among the various systems, Zoom is the most widely deployed video conference system. In October 2020, Zoom Video Communications rolled out their end-to-end encryption (E2EE) to protect conversations in a meeting from even insiders, namely, the service provider Zoom. In this study, we conduct thorough security evaluations of the E2EE of Zoom (version 2.3.1) by analyzing their cryptographic protocols. We discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. Besides, even without relying on malicious participants, insiders can impersonate any Zoom user in target meetings though they cannot decrypt meeting streams. In addition, we demonstrate several impersonation attacks by meeting participants or insiders colluding with meeting participants. Although these attacks may be beyond the scope of the security claims made by Zoom or may be already mentioned in the whitepaper, we reveal the details of the attack procedures and their feasibility in the real-world setting and propose effective countermeasures in this paper. Our findings are not an immediate threat to the E2EE of Zoom; however, we believe that these security evaluations are of value for deeply understanding the security of E2EE of Zoom.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. IEEE Access
ZoomEnd-to-End EncryptionImpersonation attacks
Contact author(s)
takanori isobe @ ai u-hyogo ac jp
itorym @ nict go jp
2021-06-21: revised
2021-04-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Takanori Isobe and Ryoma Ito},
      title = {Security Analysis of End-to-End Encryption for Zoom Meetings},
      howpublished = {Cryptology ePrint Archive, Paper 2021/486},
      year = {2021},
      doi = {10.1109/ACCESS.2021.3091722},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.