Zoom’s Encryption Is “Not Suited for Secrets”

By on April 3rd, 2020 in General
Zoom’s Encryption Is “Not Suited for Secrets” (The Intercept)

MEETINGS ON ZOOM, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.

Zoom's security has been hammered since last week. First, Zoom was caught sending user metadata to Facebook, then came the deception around end-to-end encryption, and now this.

Unfortunately, this is the software that most colleges and K-12 schools are using to provide remote instruction to students.
