Friday, March 5, 2021
Home Opinions Is China using Zoom teleconferencing to spy on us?

Is China using Zoom teleconferencing to spy on us?

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.”

Amidst the lockdown in many countries due to the coronavirus pandemic, people are now relying on teleconferencing applications to continue to stay connected with work or their distant families. One such popular teleconferencing app globally is Zoom. 

But is Zoom safe or a spy for China.

The Citizen Lab at the University of Toronto is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.

The Citizen Lab report examined the encryption that protects meetings in the popular Zoom teleconference app. It found that Zoom has “rolled their own” encryption scheme, which has significant weaknesses.

In addition, it identified potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.

Here are the key findings of the The Citizen Lab investigations into ZOOM:

  • Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
  • The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
  • Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.

The report further indicated that while Zoom was headquartered in the United States, and listed on the NASDAQ, the mainline Zoom app appears to be developed by three companies in China, which all have the name – Ruanshi Software. Two of the three companies are owned by Zoom, whereas one is owned by an entity called American Cloud Video Software Technology Co., Ltd.  

Zoom’s most recent SEC filling shows that the company (through its Chinese affiliates) employs at least 700 employees in China that work in “research and development.” 

The filing also implies that 81 per cent of Zoom’s revenue comes from North America. 

Running development out of China likely saves Zoom having to pay Silicon Valley salaries, reducing their expenses and increasing their profit margin. 

However, this arrangement could also open up Zoom to pressure from Chinese authorities. 

While the mainline Zoom app (zoom.us) was reportedly blocked in China in November 2019, there are several third-party Chinese companies that sell the Zoom app within China (e.g., zoom.cn, zoomvip.cn, zoomcloud.cn).

The report further stated that:

“Unfortunately for those hoping for privacy, the implementation of call security in Zoom may not match its exceptional usability. We determined that the Zoom app uses non-industry-standard cryptographic techniques with identifiable weaknesses. In addition, during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China.

An app with easily-identifiable limitations in cryptography, security issues, and offshore servers located in China which handle meeting keys presents a clear target to reasonably well-resourced nation state attackers, including the People’s Republic of China.

Our report comes amidst a number of other recent research findings and lawsuits identifying other potential security and privacy concerns with the Zoom app. In addition, advocacy groups have also pointed out that Zoom lacks transparency report a critical step towards addressing concerns arising when companies have access to sensitive user data. Zoom has just started (April 2nd, 2020) that it will release such a report within 90 days.

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:

  • Governments worried about espionage
  • Businesses concerned about cybercrime and industrial espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers, and journalists working on sensitive topics”

The Citizen Lab raises pertinent questions about the safety of the teleconferencing app Zoom and also about its security due to links off Zoom with China. You can read Zoom’s annual report here.

Author Savio Rodrigues is a social activist, Founder and Editor-in-Chief of Goa Chronicle. You can read the original article here.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

‘Even if life was taken away illegally, courts are helpless’: the Congress toolkit for protecting institutions

Rahul Gandhi had recently said that though the Emergency was wrong, Congress has never tried to capture India's institutional framework.

Badminton coach Mathias Boe is also the coach of Pune 7 Aces, owned by girlfriend Taapsee Pannu and KRI Entertainment, both facing I-T probe

Mathias Boe is the coach of Pune 7 Aces, a franchisee badminton team that participates in the Premier Badminton League

Indian Govt should ask badminton coach and Taapsee Pannu’s boyfriend Mathias Boe to quietly do his job or quit

Mathias Boe had tweeted tagging Minister Kiren Rijiju, asking him to do 'something' about the IT raids on his girlfriend Taapsee Pannu

The world praises India as Made-in-India vaccines arrive to help countries start mass-vaccination against Covid

Expressing gratitude, the CARICOM described India as caring country and an example of international cooperation.

India cautions UNSC over weapons of mass destruction falling into the hands of terrorists in conflict regions like Syria

India called for an objective investigation into the alleged use of chemical weapons in Syria and a peaceful resolution of the Syrian conflict.

Anurag Kashyap’s accounts were seized for tax evasion under UPA rule too. Brave dissenter? Netizens ask

As per reports, the I-T raids have unearthed tax discrepancies to the tunes of several hundred crores.

Recently Popular

“Are you so creatively bankrupt”? Director of ‘Yeh Ballet’ slams Deepika Padukone starrer new Levi’s ad for plagiarising design ideas

Sooni Taraporevala said that the 'copycat culture' in India needs to be called out and cancelled after the set used in new Deepika Padukone starrer Levi's ad was plagiarised by the makers.

Crores of undisclosed income, unexplained cash receipts and more: IT Dept discovery so far in raids against Anurag Kashyap, Taapsee Pannu

Income Tax department (IT dept) conducted raid on properties linked to filmmaker Anurag Kashyap, actress Taapsee Pannu and others

Kiren Rijiju gives befitting reply to ‘befitting reply queen’ Taapsee Pannu’s boyfriend, who wanted the law to bend to his whims

Matthias Boe, boyfriend of actress Taapsee Pannu, had appealed to Kiren Rijiju to 'do something' to help the actress.

Her husband used to talk vulgar to girlfriend in front of her: Here is what the lawyer of Ayesha, who jumped into Sabarmati river,...

Ayesha, who committed suicide by jumping into the Sabarmati River in Gujarat on March 1, had a disquiet marital life

Indian Govt should ask badminton coach and Taapsee Pannu’s boyfriend Mathias Boe to quietly do his job or quit

Mathias Boe had tweeted tagging Minister Kiren Rijiju, asking him to do 'something' about the IT raids on his girlfriend Taapsee Pannu

‘Isko maine kaat dala’ – Father beheads daughter after finding her in compromising position, takes the head to police station

After beheading the 17-year-old daughter, Sarvesh Kumar took the head to Majhila police and confessed to the crime
- Advertisement -

 

Connect with us

253,210FansLike
522,079FollowersFollow
23,800SubscribersSubscribe