The statement says they were authorized to send commands to vulnerable servers through the exploited services/webshells which removed said webshells from the system.
With a closed-source client, how do we know Zoom does not add itself as an unannounced participant in a meeting?
I assume there will be analysis done in the near future by third parties, but even that analysis is not sufficient to protect against a future change or a one-off, court-mandated targeted "switch" to join an unannounced participant to a meeting. The client can be designed to be 'dumb' in this regard.
The Zoom backend serves as a router for (possibly hundreds of) individual encrypted streams of audio and video during a meeting. In order to support a cloud-save feature, they must first decrypt those streams in order to re-encode them into a unified multimedia file. Even if they were to store encrypted versions of all of these individual audio/video streams, how would they ultimately present that back to the user on request? There is no practical or easy way to do this.
> Even if they were to store encrypted versions of all of these individual audio/video streams, how would they ultimately present that back to the user on request? There is no practical or easy way to do this.
You would play it similar to how you attend a Zoom meeting. They could probably reuse most of the client code for this feature. But yes, I agree this is likely not the user experience that most users want.