UPDATED 16 May 2021 | Zoom or Not? NSA Offers Agencies Guidance for Choosing Videoconference Tools [27 Apr 2020]
Analysis by a cybersecurity expert for Project Spectrum—an initiative supported by the Defense Department’s Office of Small Business Programs—advises entities within the defense industrial base to avoid using Zoom. Among other things, the researcher cites the company’s connections to China.
UPDATED 11 APR 2021 | Huge Zoom flaw lets hackers completely take over your Mac or PC [updated]
- Zoom has admitted that some call data was routed through China for non-China users.
- CEO Eric Yuan said the calls were routed “mistakenly” after the company ramped up capacity to cope with a huge increase in demand.
- Separately, researchers at the University of Toronto found Zoom’s encryption used keys issued via servers in China, even when call participants were outside of China.
- China does not enforce strict data privacy laws and could conceivably demand that Zoom decrypt calls.
Read more from Business Insider
Move Fast and Roll Your Own Crypto – A Quick Look at the Confidentiality of Zoom Meetings
- Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
- The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
- Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
I am older than the internet and incorporated IT technology in my business up until three years ago, when I retired. ‘Mistakenly’ is a synonym for ‘accidentally’ or ‘unintentionally’ in the world of information technology (IT).
Routers and switches do nothing ‘accidentally’ or ‘mistakenly’. Everything a router does is 100% intentional.
Is Eric Yuan a Chinese spy? I don’t know. Perhaps the CIA or the FBI can answer this question. What I do know about immigrants from communist China is from U.S. news stories.
- FBI hunts for ‘Chinese military spies’ all across US as Pompeo calls for global crusade against Beijing | 24 Jul 2020
- Records of NYPD cop accused of spying for China shed light on his Marine Corps, Army service | 23 Sep 2020
- Gordon Chang: US universities are shutting down China-funded Confucius institutes | 10 Feb 2020
- Harvard University had a senior professor in charge of a department who actually was investigated and indeed has been arrested.
- With China, what the Thousand Talents Program is trying to do is secretly buy information from American professors and scientists, and they’ve been extremely successful at it.
- The FBI says it has about a thousand investigations, active open investigations of espionage in commercial secrets and technological secrets that China has been operating. So, we have got to understand the breadth of Beijing’s effort to take US technology.
What I do know is Eric and his wife were born, raised, and educated in communist China.
The communist Chinese government requires full access to all software of all companies doing business in China.
I believe we must trust but verify all business and educational activities with native Chinese living and working in our country. At this point in time, I do not view Zoom Communications as trustworthy.