Further, instead of using AES-256 encryption as Zoom claims, the report found the application was using an AES-128 key in electronic code book (ECB) mode.