Friday, October 30, 2020
Home Opinions Is China using Zoom teleconferencing to spy on us?

Is China using Zoom teleconferencing to spy on us?

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.”

Amidst the lockdown in many countries due to the coronavirus pandemic, people are now relying on teleconferencing applications to continue to stay connected with work or their distant families. One such popular teleconferencing app globally is Zoom. 

But is Zoom safe or a spy for China.

The Citizen Lab at the University of Toronto is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.

The Citizen Lab report examined the encryption that protects meetings in the popular Zoom teleconference app. It found that Zoom has “rolled their own” encryption scheme, which has significant weaknesses.

In addition, it identified potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.

Here are the key findings of the The Citizen Lab investigations into ZOOM:

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

The report further indicated that while Zoom was headquartered in the United States, and listed on the NASDAQ, the mainline Zoom app appears to be developed by three companies in China, which all have the name – Ruanshi Software. Two of the three companies are owned by Zoom, whereas one is owned by an entity called American Cloud Video Software Technology Co., Ltd.  

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.” 

The filing also implies that 81 per cent of Zoom’s revenue comes from North America. 

Running development out of China likely saves Zoom having to pay Silicon Valley salaries, reducing their expenses and increasing their profit margin. 

However, this arrangement could also open up Zoom to pressure from Chinese authorities. 

While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, there are several third-party Chinese companies that sell the Zoom app within China (e.g., zoom.cn, zoomvip.cn, zoomcloud.cn).

The report further stated that:

“Unfortunately for those hoping for privacy, the implementation of call security in Zoom may not match its exceptional usability. We determined that the Zoom app uses non-industry-standard cryptographic techniques with identifiable weaknesses. In addition, during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.

An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China which handle meeting keys presents a clear target to reasonably well-resourced nation state attackers, including the People’s Republic of China.

Our report comes amidst a number of other recent research findings and lawsuits identifying other potential security and privacy concerns with the Zoom app. In addition, advocacy groups have also pointed out that Zoom lacks transparency report a critical step towards addressing concerns arising when companies have access to sensitive user data. Zoom has just started (April 2nd, 2020) that it will release such a report within 90 days.

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:

  • Governments worried about espionage
  • Businesses concerned about cybercrime and industrial espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers, and journalists working on sensitive topics”

The Citizen Lab raises pertinent questions about the safety of the teleconferencing app Zoom and also about its security due to links off Zoom with China. You can read Zoom’s annual report here.

Author Savio Rodrigues is a social activist, Founder and Editor-in-Chief of Goa Chronicle. You can read the original article here.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

Former PM of Malaysia goes from talking about women’s ‘secret place’ to inciting genocide for insulting Islam in single tweet thread: Read details

Mahathir Mohamad justified the attacks on French people by Islamist terrorist saying that mere boycott could not compensate the wrongs of France.

‘We are proud’: Terroristan admits hand in Pulwama attack, minister claims victory of people under leadership of Imran ‘Taliban’ Khan

"Humne Hindustan ko ghus ke maara", Pakistani minister Fawad Chaudhry described how Pakistan orchestrated Pulwama terror attack

After Nice, another Islamic terrorist shouting Allahu Akbar attacks France’s Avignon, guard at French embassy in Jeddah attacked too

Three attacks have been reported in a single day, Mayor of Nice in France asks people to unit against "Islamofascisim terrorist attack"

Mumbai police intensifies witch-hunt, now wants details that would give him almost unfettered access to the Republic TV newsroom: Read details

Mumbai police have demanded access to the newsroom of the channel including the contact details, addresses and login IDs of journalists.

Witch-hunt continues: Parambir Singh sues Goa Chronicle and RVS Mani, wants to know if portal made money by publishing interview ‘defaming him’

RV Subramani had said in Goa Chronicle that a corporate house was behind appointment of Param Bir SIngh as Mumbai police commissioner

Why is Europe locking down instead of copying globally famous Kerala model?

The state of Kerala, under the visionary leadership of health minister Shailaja “Teacher” has a solution to Covid-19. Why wouldn’t the world just copy the Kerala model?

Recently Popular

‘Modi, Modi’ slogans inside Pakistan National Assembly: Here is what happened

The name of PM Modi echoed on Monday as members of Pakistan's opposition members chanted 'Modi, Modi' slogans inside Pakistan National assembly

Chinese state-run channel shows the portrait of Prophet Muhammad, netizens ask if Muslim nations will boycott China

Arslan Hidayat, an Uyghur Rights Activist, took to Twitter shared a video of a Chinese TV series on Twitter in which it was depicted that an Arab ambassador visiting China during the rule of Tang dynasty gifts a portrait of the Prophet Muhammad to the Chinese emperor.

‘His legs were shivering, head was sweating fearing attack by India’: Pakistani opposition leader reveals why Imran Khan govt had released Abhinandan Varthaman

PML(N) leader Ayaz Sadiq said that Pakistani Foreign Minister had feared that India would attack Pakistan if Abhinandan is not returned

Watch: Pro-India accounts disrupt Pakistan’s anti-India online meeting on Zoom, play pro-Hindu and Indian nationalistic songs

Indic social media users caused embarrassment to Pakistani authorities and diplomats after they raided their online event on zoom

Here are ‘liberals’ who hailed Imran Khan’s benevolence for releasing Abhinandan, while he was shaking in his boots, thinking of Modi going to war

The usual suspects declared Imran Khan 'won' despite the fact that it was Indian Armed Forces that destroyed terror camps in Pakistan.

France: Three killed, reportedly beheaded by an Islamic terrorist shouting Allahu Akbar at a Church in Nice

Three people have died of which at least two are reportedly beheaded in a terrorist attack at Notre Dame Church in Nice, France.
- Advertisement -

The Print columnist Zainab Sikander Siddiqui wants Charlie Hebdo to have the “guts” to mock the Holocaust if it wants to publish cartoons on...

Zainab Sikander Siddiqui ruled that Charlie Hebdo cartoons mocking other religions are not offensive, only cartoons on Islam are offensive

NBSA summons Zee News editor Sudhir Chaudhary for “divisive” report on the different types of Jihad, says it targets the Muslim community

NBSA asked Zee News Editor-in-chief Sudhir Chaudhary to appear for a hearing on November 26 via video conferencing

Former PM of Malaysia goes from talking about women’s ‘secret place’ to inciting genocide for insulting Islam in single tweet thread: Read details

Mahathir Mohamad justified the attacks on French people by Islamist terrorist saying that mere boycott could not compensate the wrongs of France.

AajTak, Zee News and others apologise after NBSA pulls up the channels for spreading fake news on Sushant Singh Rajput’s death

AajTak, Zee News and India TV air apology for its insensitive and sensationalised reporting of actor Sushant Singh Rajput’s death

India objects to Saudi Arabia over distorted map of India on new 20 Riyal banknote, asks to take urgent corrective steps

India registered objection over a distorted map showing Jammu and Kashmir separated from India in newly released 20 Riyal banknote

While Uddhav Thackeray govt stalled a development project to ‘save Aarey’, Shiv Sena-led BMC has now been fined for letting untreated sewage into the...

NGT has slapped Shiv Sena-led Brihanmumbai Municipal Corporation (BMC) a fine Rs 34 crore for letting untreated sewage into water

‘We are proud’: Terroristan admits hand in Pulwama attack, minister claims victory of people under leadership of Imran ‘Taliban’ Khan

"Humne Hindustan ko ghus ke maara", Pakistani minister Fawad Chaudhry described how Pakistan orchestrated Pulwama terror attack

After Nice, another Islamic terrorist shouting Allahu Akbar attacks France’s Avignon, guard at French embassy in Jeddah attacked too

Three attacks have been reported in a single day, Mayor of Nice in France asks people to unit against "Islamofascisim terrorist attack"

Mumbai police intensifies witch-hunt, now wants details that would give him almost unfettered access to the Republic TV newsroom: Read details

Mumbai police have demanded access to the newsroom of the channel including the contact details, addresses and login IDs of journalists.

Witch-hunt continues: Parambir Singh sues Goa Chronicle and RVS Mani, wants to know if portal made money by publishing interview ‘defaming him’

RV Subramani had said in Goa Chronicle that a corporate house was behind appointment of Param Bir SIngh as Mumbai police commissioner

Connect with us

245,563FansLike
471,044FollowersFollow
19,500SubscribersSubscribe