news


Zoom security flaws and Chinese links make US authorities nervous

Zoom’s rise to fame might only be match by the fall from grace as security flaws and apparent ties to China are laid bare for all to see.

It was only last week Zoom CEO Eric Yuan had to pen a blog entry to calm fears over the video-conferencing service, but this additional post is to address statements from University of Toronto’s Citizen Lab. Zoom has rolled out its own encryption software to enhance security, though the Toronto researchers suggest there are ‘significant weaknesses’.

“We appreciate the questions we are getting and continue to work actively to address issues as we identify them,” said Yuan. “As video communications become more mainstream, users deserve to better understand how all these services work, including how the industry — Zoom and its peers – manages operations and provides services in China and around the world.”

Firstly, the Toronto researchers have questioned how effective the security features of Zoom actually are. On one hand, the encryption is not end-to-end by industry standards, despite the company claiming so, while the way in which it has been designed and implemented is also questioned.

“The Zoom transport protocol adds Zoom’s own encryption scheme to RTP in an unusual way,” the researchers state.

“By default, all participants’ audio and video in a Zoom meeting appears to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting’s participants by Zoom servers. Zoom’s encryption and decryption use AES in ECB mode, which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input.”

These encryption keys could also be distributed through Chinese servers, which is a bad idea for anyone as companies can be legally compelled by the Government to hand over these keys. Zoom has said this oversight has been corrected and no international meetings will be routed through Chinese servers, but the damage may well have already been done.

When security and privacy in the digital economy are being discussed, it makes a tarnish on the record which can be very difficult to remove. Zoom has an incredibly long list for a company which continues to trade, but a link to China is one which is almost impossible to shake off. Especially when it comes to operating in the US.

Zoom is a company which is listed in the US on the NASDAQ, but the software appears to be developed by three companies in China, all known as Ruanshi Software, only two of which are owned by Zoom. The ownership of the third company, also known as American Cloud Video Software Technology, is unknown.

As it stands, 700 employees are currently in China, which is not unusual as it can save on salaries in comparison to the US, though it does open up the firm to pressure and influence from the Chinese Government. This is not a position which will make US authorities comfortable.

In New York, the Department of Education has banned all schools from using Zoom for remote learning, stating teachers will have Microsoft Teams functionality available as soon as possible. New York Attorney General Letitia James is also probing the privacy and security credentials of the company, a worrying sign for the business.

Security is a major component of the digital economy and Zoom just does not appear to be up to scratch. For every leak in the hull which is fixed, three more seem to emerge. The long list of security vulnerabilities was always going to catch up with the team, though it remains to be seen whether Eric Yuan can talk his way out of the apparent links to China, a potential death sentence in the US.

  • BIG 5G Event


16 comments

  1. Avatar Frank Q 25/04/2020 @ 4:54 am

    Incredible how we depend on China, how could this happen? Can we reverse it? Are we stupid in North America? I am ashamed. How can we explain to future generations? How can I look into the eyes of my children and grandchildren?

    • Avatar Martha Dogood 25/09/2020 @ 8:28 pm

      All Americans should use Webex instead, owned by Cisco, American company. This zoom guy stole Webex info while he was there. He’s Chinese communist party member.

  2. Avatar teller, frederick 28/04/2020 @ 10:20 pm

    >Incredible how we depend on China, how could this happen?
    Well many consumers did not know. That’s why this article was written. Many things in the world are just taken at face value. A video conferencing software is just seen as a video conferencing software… not immediately critiqued & assumed to be an arm of CCP intelligence services.
    Now that we know its origins we can uninstall… but that answers your question how it could happen. Because the shell company’s administration is presented as American.

  3. Avatar Mark 03/05/2020 @ 8:46 pm

    Every company in china has a company secretary appointed by CCP and are member of the government.
    Made is China hardware and software safe until the upgrade or new version. China is starting to use secondary countries (e.g. Singapore ) . To hide there track. Develop your produce base software in China . When it come to security/ safe. Have i.t done some where else

  4. Avatar R. Zumstein 04/05/2020 @ 12:19 am

    If it looks like a rose, smells like a rose, it is still a thorn bush!

  5. Avatar Keuken 13/05/2020 @ 9:41 pm

    If it’s American and looks like a rose, smells like a rose, it is still a thorn George W Bush FBI tracking app. Why is China so bad when America is not?

    • Avatar Dave 27/05/2020 @ 12:07 pm

      A silly question. China is a communist dictatorship with zero free press or individual rights. Why do people actually want to live in the USA but they are not trying to sneak into China. But the world is now awake to China. We will avoid them at all costs.

      • Avatar Bravo 16/06/2020 @ 8:08 am

        While are you Americans always afraid and sceptical of China? I can see that you are envying them. Speaking evil of this app will not take you any where. Americans intelligence has been hacking and spying on both citizens and foreigners data around the world and they had been no problem, now that a Chinese man company is surpassing an American company, enviness has crept in. Hmm, you cannot stop the usage and progress of this app because of your racist and greedy intentions. American companies are in other countries doing well and nobody has being complaining. God has projected China to excel and there is nothing anybody can do about it. You speak of dictatorship, a man from America is in no position to accuse anybody of such. What your president is doing right now is worst than being a dictator. Please, stop envying other countries progress.

        • Avatar joe schlepp 14/07/2020 @ 12:13 am

          Bottom line – You do NOT like Trumps as President.

          The rest of your diatribe is fluff. China is aggressively looking to increase its influence and does not care what means they adopt. There is enough talent in USA to tackle such Projects with ease.

        • Avatar e c 22/07/2020 @ 4:13 am

          what god are you talking about. Does the of china kill people critical of the ccp government and put their organs on the sales market in 3 days. does the god of china make slaves of muslims and put them in slave labor camps to save apple and nike a few bucks? NOOOOOOOOOOOO, the gods of china–the commununist party and xi jiping do. and you are stupid enough to buy that crap

    • Avatar Chanakya 18/06/2020 @ 6:42 am

      don’t compare CCP hegemony oppression of its own people with USA there is no comparison. It’s a joke People Liberation Army made up of slave soul less robots oppressing their own humans call themselves People Liberation. Liberate yourself from CCP dictatorship get your flat heads out of CCP muck you will understand.

  6. Avatar K Singh 17/05/2020 @ 7:36 am

    World and Indian Government should ban all Chinese product and services for CORONA COVID-19 GENERATOR AND KILLINGS TO ALL PEOPLES IN THE WORLD.. ALL COUNTRY COME TOGETHER.

  7. Avatar vince 30/05/2020 @ 6:12 pm

    Every person, Organization, Company etc. that continue to use Zoom is only ‘Feeding the Beast’, Zoom is gleaning information about Americans with every meeting that uses Zoom, China is out to bury America. They want t6o be the Number ONE power in the world.
    Vince Montagna

  8. Avatar Shivi singh 04/07/2020 @ 5:26 am

    China is a disgust to entire human race… it’s a racist country in every aspects. Other countries should stop their disputes and just get together to boycott china.

  9. Avatar Sid 22/09/2020 @ 11:57 pm

    China is the most evil disgusting government along side of the Iranian regime. DONT USE ZOOM.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Polls

What would be the future role of satellite communications?

Loading ... Loading ...