Google Meet opens client-side encrypted calls to non Google users

Summary: Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.

Threat Actor: N/A

Victim: N/A

Key Point :

  • Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.
  • Client-side encryption ensures that only people in the meeting have access to the data delivered through the application.
  • Google started rolling out client-side encryption updates for Workspace customers with Enterprise Plus, Education Standard, and Education Plus licenses.
  • Admins have to update their IdP/KACLS configurations to open up access to external participants and determine third-party identity providers that can be used to join the meeting.
  • External users invited to an encrypted Meet session need to first verify their identity using a method supported by the third-party Identity Provider (IdP) configured by the meeting’s administrator.

Google Meet opens client-side encrypted calls to non Google users

Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.

Client-side encryption ensures that only people in the meeting have access to the data delivered through the application.

Google Meet is part of the Google Workspace suite and provides users with secure video meetings and calls over the internet. The app has over five billion downloads on Google Play.

Although Google had already implemented client-side encryption in Meet, the application did not have the option for external users to join secure calls.

“Meet already encrypts all of your data at rest and in transit between our facilities — client-side encryption gives users direct control of their encryption keys and the identity service that they choose to authenticate for those keys,” reads Google’s announcement.

“Adding support for external participants means customers can collaborate with any of their stakeholders safe in the knowledge that only the meeting participants can decrypt the call media.”

Google started this week to roll out client-side encryption updates for Workspace customers with Enterprise Plus, Education Standard, and Education Plus licenses.

To activate the feature, admins have to update their IdP/KACLS configurations to open up access to external participants and determine third-party identity providers that can be used to join the meeting.

Admin-side settings to set identity verification methods
Admin-side settings to set identity verification methods
Google

External users invited to an encrypted Meet session need to first verify their identity using a method supported by the third-party Identity Provider (IdP) configured by the meeting’s administrator.

Supported methods include using an existing Google or Microsoft account as well as a one-time password supplied via SMS or email.

Additional details for Meet Client-side Encryption (CSE) are available here. Admins can follow these instructions to provide external participants access to client-side encrypted content.

Source: https://www.bleepingcomputer.com/news/security/google-meet-opens-client-side-encrypted-calls-to-non-google-users/


“An interesting youtube video that may be related to the article above”