Zoom under fire for security vulnerabilities, ties to China
A study by the University of Toronto's Citizen Lab found new and significant security flaws in video conferencing app Zoom, including ties to China.
The app, which grew from 10 million to 200 million in March because so many people were required to work from home to slow the spread of the novel coronavirus pandemic, is facing several investigations in relation to its data privacy and security practices.
"In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices," Zoom founder Eric Yuan said in an April 3 response to the findings.
The study published April 3 by Bill Marczak and John Scott-Railton shared three particular cybersecurity vulnerabilities found in Zoom's technology.
"Zoom has fatal flaws in their security architecture," Darren Guccione, CEO and co-founder of cybersecurity firm Keeper Security, told FOX Business.
He added that users should "absolutely be worried and upset" that they were led to believe the platform was secure when the study shows that it still has a long way to go.
"Like many other companies today with security issues, Zoom needs to understand that its business extends beyond creating and selling a productivity application," he said.
1. Encryption codes coming from China
First, Marczak and Scott-Railton found that five of Zoom's 73 "key management systems," which generate unique encryption keys for users' calls, are located in China.
These encryption keys are generated for each individual Zoom call to keep conversations private by changing plain text into unreadable code, but Guccione says Zoom's codes leave some plain text in a readable format.
The significance of having offices in China that generate encryption codes is that, under a 2017 Chinese law, the Chinese government could potentially force Zoom to give up those keys, which hold users' personal information.
Guccione said this particular finding highlights the fact that Zoom does not use zero-knowledge security, which he called the company's "overarching flaw."