Crypto: Zoom and Apple T2... Trusted Crypto That Isn't

grarpamp grarpamp at gmail.com
Wed Oct 14 10:57:18 PDT 2020


https://www.wired.com/story/apple-t2-chip-unfixable-flaw-jailbreak-mac/
https://github.com/windknown/presentations/blob/master/Attack_Secure_Boot_of_SEP.pdf
https://duckduckgo.com/?q="checkra1n"

Apple's T2 Security Chip Has an Unfixable Flaw
The Checkm8 vulnerability that exposed years of iPhones to
jailbreaking has finally been exploited in Macs as well,
called Checkra1n.
"This chip, which was supposed to provide all this extra
security, is now pretty much moot."


https://www.zdnet.com/article/zoom-to-roll-out-end-to-end-encrypted-e2ee-calls/

Not logically possible that Zoom claimed to have
secure p2p, but now adds secure p2p, thus lied again.
Of course it is all closed source and account based,
making it trivial for Zoom / Rogue Staff, Govts, etc
to exploit users at will.

Video conferencing platform Zoom announced today plans to roll out
end-to-end encryption (E2EE) capabilities starting next week. From a
report: E2EE will allow Zoom users to generate individual encryption
keys that will be used to encrypt voice or video calls between them
and other conference participants. These keys will be stored locally
and will not be shared with Zoom servers, meaning the software company
won't be able to access or intercept any ongoing E2EE meetings.
Support for E2EE calls will first be part of Zoom clients to be
released next week. To use the new feature, users must update their
clients next week and enable support for E2EE calls at the account
level. This green shield will contain a lock if E2EE is active. If the
lock is absent, Zoom will use its default AES 256-bit GCM encryption
scheme, which the company uses to secure current communications, but
which the company can also intercept.

