news


Zoom security flaws and Chinese links make US authorities nervous

Zoom’s rise to fame might only be match by the fall from grace as security flaws and apparent ties to China are laid bare for all to see.

It was only last week Zoom CEO Eric Yuan had to pen a blog entry to calm fears over the video-conferencing service, but this additional post is to address statements from University of Toronto’s Citizen Lab. Zoom has rolled out its own encryption software to enhance security, though the Toronto researchers suggest there are ‘significant weaknesses’.

“We appreciate the questions we are getting and continue to work actively to address issues as we identify them,” said Yuan. “As video communications become more mainstream, users deserve to better understand how all these services work, including how the industry — Zoom and its peers – manages operations and provides services in China and around the world.”

Firstly, the Toronto researchers have questioned how effective the security features of Zoom actually are. On one hand, the encryption is not end-to-end by industry standards, despite the company claiming so, while the way in which it has been designed and implemented is also questioned.

“The Zoom transport protocol adds Zoom’s own encryption scheme to RTP in an unusual way,” the researchers state.

“By default, all participants’ audio and video in a Zoom meeting appears to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting’s participants by Zoom servers. Zoom’s encryption and decryption use AES in ECB mode, which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input.”

These encryption keys could also be distributed through Chinese servers, which is a bad idea for anyone as companies can be legally compelled by the Government to hand over these keys. Zoom has said this oversight has been corrected and no international meetings will be routed through Chinese servers, but the damage may well have already been done.

When security and privacy in the digital economy are being discussed, it makes a tarnish on the record which can be very difficult to remove. Zoom has an incredibly long list for a company which continues to trade, but a link to China is one which is almost impossible to shake off. Especially when it comes to operating in the US.

Zoom is a company which is listed in the US on the NASDAQ, but the software appears to be developed by three companies in China, all known as Ruanshi Software, only two of which are owned by Zoom. The ownership of the third company, also known as American Cloud Video Software Technology, is unknown.

As it stands, 700 employees are currently in China, which is not unusual as it can save on salaries in comparison to the US, though it does open up the firm to pressure and influence from the Chinese Government. This is not a position which will make US authorities comfortable.

In New York, the Department of Education has banned all schools from using Zoom for remote learning, stating teachers will have Microsoft Teams functionality available as soon as possible. New York Attorney General Letitia James is also probing the privacy and security credentials of the company, a worrying sign for the business.

Security is a major component of the digital economy and Zoom just does not appear to be up to scratch. For every leak in the hull which is fixed, three more seem to emerge. The long list of security vulnerabilities was always going to catch up with the team, though it remains to be seen whether Eric Yuan can talk his way out of the apparent links to China, a potential death sentence in the US.

  • BIG 5G Event

  • Video Exchange MENA


6 comments

  1. Avatar Frank Q 25/04/2020 @ 4:54 am

    Incredible how we depend on China, how could this happen? Can we reverse it? Are we stupid in North America? I am ashamed. How can we explain to future generations? How can I look into the eyes of my children and grandchildren?

  2. Avatar teller, frederick 28/04/2020 @ 10:20 pm

    >Incredible how we depend on China, how could this happen?
    Well many consumers did not know. That’s why this article was written. Many things in the world are just taken at face value. A video conferencing software is just seen as a video conferencing software… not immediately critiqued & assumed to be an arm of CCP intelligence services.
    Now that we know its origins we can uninstall… but that answers your question how it could happen. Because the shell company’s administration is presented as American.

  3. Avatar Mark 03/05/2020 @ 8:46 pm

    Every company in china has a company secretary appointed by CCP and are member of the government.
    Made is China hardware and software safe until the upgrade or new version. China is starting to use secondary countries (e.g. Singapore ) . To hide there track. Develop your produce base software in China . When it come to security/ safe. Have i.t done some where else

  4. Avatar R. Zumstein 04/05/2020 @ 12:19 am

    If it looks like a rose, smells like a rose, it is still a thorn bush!

  5. Avatar Keuken 13/05/2020 @ 9:41 pm

    If it’s American and looks like a rose, smells like a rose, it is still a thorn George W Bush FBI tracking app. Why is China so bad when America is not?

  6. Avatar K Singh 17/05/2020 @ 7:36 am

    World and Indian Government should ban all Chinese product and services for CORONA COVID-19 GENERATOR AND KILLINGS TO ALL PEOPLES IN THE WORLD.. ALL COUNTRY COME TOGETHER.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Polls

Is there any need for a high-street presence for the telcos nowadays?

Loading ... Loading ...