Advertisements
Monday, June 1, 2020
Home Opinions Is China using Zoom teleconferencing to spy on us?

Is China using Zoom teleconferencing to spy on us?

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.”

Also Read

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Amidst the lockdown in many countries due to the coronavirus pandemic, people are now relying on teleconferencing applications to continue to stay connected with work or their distant families. One such popular teleconferencing app globally is Zoom. 

But is Zoom safe or a spy for China.

The Citizen Lab at the University of Toronto is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.

The Citizen Lab report examined the encryption that protects meetings in the popular Zoom teleconference app. It found that Zoom has “rolled their own” encryption scheme, which has significant weaknesses.

In addition, it identified potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.

Here are the key findings of the The Citizen Lab investigations into ZOOM:

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

The report further indicated that while Zoom was headquartered in the United States, and listed on the NASDAQ, the mainline Zoom app appears to be developed by three companies in China, which all have the name – Ruanshi Software. Two of the three companies are owned by Zoom, whereas one is owned by an entity called American Cloud Video Software Technology Co., Ltd.  

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.” 

The filing also implies that 81 per cent of Zoom’s revenue comes from North America. 

Running development out of China likely saves Zoom having to pay Silicon Valley salaries, reducing their expenses and increasing their profit margin. 

However, this arrangement could also open up Zoom to pressure from Chinese authorities. 

While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, there are several third-party Chinese companies that sell the Zoom app within China (e.g., zoom.cn, zoomvip.cn, zoomcloud.cn).

The report further stated that:

“Unfortunately for those hoping for privacy, the implementation of call security in Zoom may not match its exceptional usability. We determined that the Zoom app uses non-industry-standard cryptographic techniques with identifiable weaknesses. In addition, during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.

An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China which handle meeting keys presents a clear target to reasonably well-resourced nation state attackers, including the People’s Republic of China.

Our report comes amidst a number of other recent research findings and lawsuits identifying other potential security and privacy concerns with the Zoom app. In addition, advocacy groups have also pointed out that Zoom lacks transparency report a critical step towards addressing concerns arising when companies have access to sensitive user data. Zoom has just started (April 2nd, 2020) that it will release such a report within 90 days.

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:

  • Governments worried about espionage
  • Businesses concerned about cybercrime and industrial espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers, and journalists working on sensitive topics”

The Citizen Lab raises pertinent questions about the safety of the teleconferencing app Zoom and also about its security due to links off Zoom with China. You can read Zoom’s annual report here.

Author Savio Rodrigues is a social activist, Founder and Editor-in-Chief of Goa Chronicle. You can read the original article here.

Advertisements

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Trending now

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Two Pakistan High Commission officials caught spying using fake Indian identities, declared persona non grata

Delhi Police Special Cell nabbed two Pakistan High Commission officers after they were found engaged in spying using fake identities

‘Whether it is Sharjeel Imam or Tukde Tukde gang, no free hand will be given, those who challenge Indian unity and integrity will have...

Home Minister Amit Shah gave an interview to Arnab Goswami, a day after the first anniversary of the second term of Modi Sarkar.

‘Muslim Lives Matter’ trends on social media, demands for ‘protests’ in India along the lines of violent riots in USA being made

Certain individuals on social media want 'Muslim Lives Matter' protests in India along the lines of violent protests in the USA.

Woman ‘protestor’ poops on an overturned police car in middle of riots in America. Watch the video (or maybe not)

A woman was seen defecating on a damaged police car in USA, an act video recorded and photographed by onlookers

Jharkhand: Hindus allege cow slaughter on Eid, police call it rumour

In Jamri village of Rajepur police station area in Chatra, Jharkhand, Hindus have accused some Muslims of killing cows and then throwing beef in a well.

Rajdeep Sardesai tries to mock Sonam Wangchuk by peddling fake news that Statue of Unity is Made in China, deletes it: Read details

The Statue of Unity is actually constructed by Larsen & Toubro in India and not in China as claimed by Rajdeep Sardesai

Recently Popular

Hacker group ‘Anonymous’ declares war on Minneapolis police force after George Floyd killing, demands criminal charges against all cops involved in the incident

Anonymous said it does not trust the Minneapolis Police Department to "carry out justice" and warned the force to "expect" them

Actors Arshad Warsi, Milind Soman get attacked by Islamists and Pakistanis for urging people to boycott Chinese products amid Ladakh standoff

Following education reformer Sonam Wangchuk's call to boycott Chinese products amid Ladakh standoff, many celebrities have come forward to urge people to boycott Chinese products

George Floyd protests: Nike, Louis Vuitton, Macy’s, Adidas stores vandalised and looted by rioters in the US

The 'protests' against George Floyd killing have now escalated into large-scale riots, vandalism and looting of luxury stores

George Floyd killing: Rioter chants ‘La Ilaha Illalaha’ while ‘protesting’ in America

One protester in George Floyd killing protests was heard chanting the Islamic prayer claiming that Allah is the only god

Woman ‘protestor’ poops on an overturned police car in middle of riots in America. Watch the video (or maybe not)

A woman was seen defecating on a damaged police car in USA, an act video recorded and photographed by onlookers
Advertisements

Connect with us

229,060FansLike
357,834FollowersFollow
244,000SubscribersSubscribe
Advertisements